cbcvebase.
CVE-2024-3605
published 2024-06-20

Priority: P182 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 4.19% (89.7th percentile)
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected (1 range)

Vendor      Product            Version range   Fixed in
thimpress   wp_hotel_booking   <= 2.1.0        (not listed)

Detection & IOCs (extracted from sources)

url:    /wphb/v1/rooms/search-rooms
other:  room_type
sigma (matcher fragment as extracted; the rule header was cut off)
  WP Hotel Booking = 6'
  - 'status_code == 200'
  - 'contains(body, "{\"status\":\"")'
  condition: and
  # digest: 4a0a004730450220227f6af59ed93bf357cd488b24b40c1127a8bf52b2a5b3e576a5c8f09f3e6379022100a1370c23c67803691476b9ae835c9d91de886d9a22b45ae983fec84517872301:922c64590222798bb761d5b6d8e72950
  • Monitor unauthenticated HTTP requests to the REST API endpoint /wphb/v1/rooms/search-rooms, particularly those whose 'room_type' parameter value is manipulated or anomalous (e.g., contains SQL metacharacters such as quotes, UNION, or comment sequences).
  • The detection rule targets HTTP 200 responses from the WP Hotel Booking endpoint whose body contains the JSON key '{"status":"', which can indicate that an injected query ran and returned data.
  • The vulnerability is exploitable without authentication; alert on REST API calls to /wphb/v1/rooms/search-rooms that carry no authentication headers and include SQL injection payloads in the room_type parameter.
  • All versions of WP Hotel Booking up to and including 2.1.0 are affected; scope detection and blocking rules to sites running these versions.
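The guidance above can be turned into a log-side check. The following is an added example, not code from the advisory or from the plugin: it parses combined-format web server access log lines (constructed samples, not real traffic), isolates the 'room_type' value on the /wphb/v1/rooms/search-rooms route in both REST URL forms WordPress accepts, and flags values carrying the metacharacters named in the bullets. The regex, the field names and the "likely_success" heuristic are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory.
TARGET_ROUTE = "/wphb/v1/rooms/search-rooms"
TARGET_PARAM = "room_type"
# Metacharacters the detection guidance calls out: quotes, UNION, comment sequences.
SQLI_MARKERS = re.compile(r"['\"]|\bunion\b|--|/\*|#", re.IGNORECASE)
# Combined log format: client ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def inspect_line(line):
    """Return a finding for a suspicious search-rooms request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values too
    # WordPress serves REST routes both as /wp-json/<route> and as ?rest_route=<route>.
    route = qs["rest_route"][0] if "rest_route" in qs else parts.path
    if not route.rstrip("/").endswith(TARGET_ROUTE):
        return None
    hits = [v for v in qs.get(TARGET_PARAM, []) if SQLI_MARKERS.search(v)]
    if not hits:
        return None
    status = int(m.group("status"))
    # The published rule treats a 200 with a JSON body as a sign the injected query ran.
    return {"ip": m.group("ip"), "room_type": hits, "status": status,
            "likely_success": status == 200}

def scan(lines):
    """Apply inspect_line to an iterable of log lines; return only the findings."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample lines (not real traffic): a benign search, two injection attempts
# in the two REST URL forms, and a quote on an unrelated endpoint.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jun/2024:10:00:01 +0000] "GET /wp-json/wphb/v1/rooms/search-rooms?room_type=12&check_in=2024-07-01 HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Jun/2024:10:00:02 +0000] "GET /wp-json/wphb/v1/rooms/search-rooms?room_type=6%27%20UNION%20SELECT%201-- HTTP/1.1" 200 2048',
    '192.0.2.9 - - [20/Jun/2024:10:00:03 +0000] "GET /?rest_route=/wphb/v1/rooms/search-rooms&room_type=6%27 HTTP/1.1" 500 0',
    '203.0.113.5 - - [20/Jun/2024:10:00:04 +0000] "GET /wp-json/wp/v2/posts?search=O%27Brien HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the two search-rooms requests with metacharacters are reported; the 500 response is kept as an attempt but marked as not likely to have succeeded, matching the rule's 200-plus-JSON criterion.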

CVSS provenance

nvd        v3.1   9.8   CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck         10.0  CRITICAL