CVE-2024-3605
Published 2024-06-20
Priority P182 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.19% (89.7th percentile)
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
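The defect class the advisory describes (a user-supplied value dropped into the SQL string with no escaping and no prepared statement) next to the parameterized form that closes it. This is an added illustration, not the plugin's code: it uses sqlite3 as a stand-in database instead of WordPress's $wpdb, and the table and column names (rooms, users, room_type, user_login, user_pass) are assumptions chosen to mirror a room search that sits beside user credentials.

```python
"""Model of the CVE-2024-3605 bug class: an unescaped 'room_type' value
interpolated into SQL, beside the parameterized fix.
Added example; sqlite3 stands in for the WordPress database and the schema
below is an assumption, not the plugin's."""
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed sample data: the rooms the search endpoint queries, plus a
    # users table holding the kind of data an attacker would try to extract.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE rooms(id INTEGER, name TEXT, room_type INTEGER);
        INSERT INTO rooms VALUES (1,'Sea view',6),(2,'Garden',6),(3,'Suite',7);
        CREATE TABLE users(id INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO users VALUES (1,'admin','$P$Bexamplehash'),
                                 (2,'editor','$P$Banotherhash');
    """)
    return conn


def search_rooms_vulnerable(conn: sqlite3.Connection, room_type: str) -> list:
    # The value is interpolated as-is: no escaping, no prepared statement.
    # Anything after a closing quote in room_type becomes SQL.
    sql = f"SELECT id, name FROM rooms WHERE room_type = '{room_type}'"
    return conn.execute(sql).fetchall()


def search_rooms_fixed(conn: sqlite3.Connection, room_type: str) -> list:
    # Parameterized query: the driver passes the value out of band, so quotes,
    # UNION and comment sequences inside it are compared as data, never parsed.
    sql = "SELECT id, name FROM rooms WHERE room_type = ?"
    return conn.execute(sql, (room_type,)).fetchall()


# Classic UNION extraction payload (constructed). The trailing "-- " comments
# out the closing quote the original query supplies.
PAYLOAD = "6' UNION SELECT user_login, user_pass FROM users -- "


def demo() -> tuple:
    """Run the same payload through both variants; returns (leaked, safe)."""
    conn = build_db()
    leaked = search_rooms_vulnerable(conn, PAYLOAD)  # rooms + user rows
    safe = search_rooms_fixed(conn, PAYLOAD)         # no rows: no type is literally that string
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)
    print("fixed:     ", safe)
```

The fixed variant also keeps a plain lookup working: search_rooms_fixed(conn, "6") still returns the two type-6 rooms, so parameterization costs nothing functionally. In the real plugin the equivalent change is routing the query through $wpdb->prepare() with the value as a placeholder argument.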
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thimpress | wp_hotel_booking | <= 2.1.0 | — |
Detection & IOCs (extracted from sources)
nuclei (template fragment: the request section was lost in extraction; only the matchers and the digest survive)
```yaml
WP Hotel Booking = 6'
    - 'status_code == 200'
    - 'contains(body, "{\"status\":\"")'
  condition: and
# digest: 4a0a004730450220227f6af59ed93bf357cd488b24b40c1127a8bf52b2a5b3e576a5c8f09f3e6379022100a1370c23c67803691476b9ae835c9d91de886d9a22b45ae983fec84517872301:922c64590222798bb761d5b6d8e72950
```
- Monitor unauthenticated HTTP requests to the REST API endpoint /wphb/v1/rooms/search-rooms, particularly those with a manipulated or anomalous 'room_type' parameter value (for example one containing SQL metacharacters such as quotes, UNION, or comment sequences).
- The template's matchers accept an HTTP 200 response from the WP Hotel Booking endpoint whose body contains the JSON key '{"status":"'. That response condition is only meaningful together with the injected request the template sends (truncated above); by itself, a 200 with that key shows the endpoint answered, not that data was extracted, so do not turn the response matcher alone into an alert.
- The vulnerability is exploitable by unauthenticated attackers; alert on REST API calls to /wphb/v1/rooms/search-rooms that lack authentication headers and include SQL injection payloads in the room_type parameter.
- All versions of WP Hotel Booking up to and including 2.1.0 are affected; scope detection and blocking rules to sites running these versions.
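The request-side guidance above, run over web-server access logs. This is an added example, not a rule shipped by any of the sources on this page. It assumes the route is reachable either as a pretty URL under /wp-json/ or through WordPress's ?rest_route= fallback, and the log lines are constructed in Apache combined format with RFC 5737 documentation addresses.

```python
"""Flag requests to the WP Hotel Booking search-rooms route whose room_type
value carries SQL metacharacters. Added example; the log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# REST route from the advisory. WordPress exposes it as /wp-json/<route> or,
# when pretty permalinks are off, as /?rest_route=<route> (assumption about
# the site's configuration; both forms are checked).
ROUTE = "/wphb/v1/rooms/search-rooms"

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Quotes, UNION and comment sequences as the advisory lists them, plus the
# keywords used by time-based probes.
SQLI_RE = re.compile(
    r"""['"]|--|/\*|#|\bunion\b|\bselect\b|\bsleep\(|\bbenchmark\(""", re.I
)


def route_params(target: str):
    """Return the parsed query string if `target` hits the route, else None."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if ROUTE in parts.path:
        return qs
    if any(ROUTE in r for r in qs.get("rest_route", [])):
        return qs
    return None


def classify(line: str):
    """Return a finding for a suspicious search-rooms request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = route_params(m["target"])
    if qs is None:
        return None
    for value in qs.get("room_type", []):
        if SQLI_RE.search(value):
            return {"ip": m["ip"], "ts": m["ts"],
                    "status": int(m["status"]), "room_type": value}
    return None


def scan(lines):
    """Run classify() over an iterable of log lines; returns the findings."""
    return [f for f in (classify(line) for line in lines) if f]


# Constructed sample: a benign search, a UNION probe on the pretty URL, an
# encoded comment-sequence probe via rest_route, and an unrelated request.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jun/2024:10:01:02 +0000] "GET /wp-json/wphb/v1/rooms/search-rooms?room_type=6&adults=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [20/Jun/2024:10:03:44 +0000] "GET /wp-json/wphb/v1/rooms/search-rooms?room_type=6%27%20UNION%20SELECT%201,2,3--%20 HTTP/1.1" 200 1843 "-" "python-requests/2.31"',
    '198.51.100.23 - - [20/Jun/2024:10:03:45 +0000] "GET /?rest_route=/wphb/v1/rooms/search-rooms&room_type=6%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 97 "-" "python-requests/2.31"',
    '192.0.2.9 - - [20/Jun/2024:10:05:10 +0000] "GET /wp-json/wp/v2/posts?search=%27 HTTP/1.1" 200 3301 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Two limits worth knowing before relying on this: access logs carry only the query string, so a room_type sent in a POST body is invisible here and needs WAF or application-level logging, and the advisory's "lacks authentication headers" criterion cannot be evaluated from a combined-format log at all because Cookie and Authorization are not recorded.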
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 10.0 CRITICAL
GHSA
GHSA-g362-xvhf-cmg9 · ghsa_unreviewed · 2024-06-20 · CWE-89 · CRITICAL
(description identical to the NVD text above)
VulnCheck
thimpress wp_hotel_booking Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') · vulncheck · 2024 · CVSS 10.0 · CRITICAL
(description identical to the NVD text above)
Affected: thimpress wp_hotel_booking
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations ar
No detection rules found.
Nuclei
WP Hotel Booking <= 2.1.0 - SQL Injection · nuclei · CVSS 9.8 · CRITICAL
(template matchers and digest are listed under Detection & IOCs above)
No writeups or analysis indexed.
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3105864%40wp-hotel-booking&new=3105864%40wp-hotel-booking&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/wp-hotel-booking/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve