CVE-2019-15774
published 2019-08-29CVE-2019-15774: The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
PriorityP279medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.73%
74.8th percentile
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| booking_project | booking | < 2.5 | 2.5 |
Detection & IOCsextracted from sources · hover to see the quote
url/wp-admin/admin-ajax.php?action=nd_booking_import_settings_php_function&nd_booking_value_import_settings=nd_booking_plugin_dev_mode%5Bnd_booking_option_value%5D1
path/wp-content/plugins/nd-booking/readme.txt
path/wp-content/plugins/nd-booking/
- →Exploit request targets the unauthenticated nopriv_ AJAX action `nd_booking_import_settings_php_function` via GET to /wp-admin/admin-ajax.php — no authentication required.
- →Successful exploitation returns one of two distinct response strings confirming the WordPress option was modified; match either string in HTTP response body to confirm exploitation.
- →Fingerprint vulnerable plugin installations by checking for the string 'Booking WP plugin' in /wp-content/plugins/nd-booking/readme.txt and version < 2.5.
- →Use Shodan query to discover exposed vulnerable instances.
- →Use FOFA query to discover exposed vulnerable instances.
- →Use PublicWWW query to discover exposed vulnerable instances.
- ·The vulnerability allows unauthenticated modification of the WordPress `siteurl` setting (and other options such as `nd_booking_plugin_dev_mode`) via the exposed nopriv_ AJAX action, which requires no login or nonce. ↗
- ·The exploit is marked `intrusive` — sending the proof-of-concept request will actually modify the target site's WordPress options (e.g., enabling dev mode), not merely probe for the vulnerability.
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
vulncheck6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wwvv-r6q6-282q: The nd-booking plugin before 2
ghsa_unreviewed·2022-05-24
CVE-2019-15774 [MEDIUM] CWE-601 GHSA-wwvv-r6q6-282q: The nd-booking plugin before 2
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
VulnCheck
booking_project booking URL Redirection to Untrusted Site ('Open Redirect')
vulncheck·2019·CVSS 6.1
CVE-2019-15774 [MEDIUM] booking_project booking URL Redirection to Untrusted Site ('Open Redirect')
booking_project booking URL Redirection to Untrusted Site ('Open Redirect')
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
Affected: booking_project booking
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/nd-booking/nd-booking-24-unauthenticated-arbitrary-options-update; https://app.crowdsec.net/cti/cve-explorer/CVE-2019-15774
No detection rules found.
Nuclei
ND Booking < 2.5 - Unauthenticated Options Change
nuclei·CVSS 6.1
CVE-2019-15774 [MEDIUM] ND Booking < 2.5 - Unauthenticated Options Change
ND Booking < 2.5 - Unauthenticated Options Change
The Hotel Booking WordPress plugin ND Booking < 2.5 was affected by an Unauthenticated Options Change security vulnerability.
Template:
id: CVE-2019-15774
info:
name: ND Booking < 2.5 - Unauthenticated Options Change
author: popcorn94
severity: medium
description: |
The Hotel Booking WordPress plugin ND Booking < 2.5 was affected by an Unauthenticated Options Change security vulnerability.
impact: |
Unauthenticated attackers can modify WordPress plugin options, potentially enabling development mode or altering plugin configuration to facilitate further attacks or compromise site functionality.
remediation: |
Update the ND Booking plugin to version 2.5 or later.
reference:
- https://wpscan.com/vulnerability/fb211b8b-5c32-40df-b197-bb51fc
No writeups or analysis indexed.
https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671/https://wordpress.org/plugins/nd-booking/#developershttps://wpvulndb.com/vulnerabilities/9494https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671/https://wordpress.org/plugins/nd-booking/#developershttps://wpvulndb.com/vulnerabilities/9494
2019-08-29
Published
Exploited in the wild