CVE-2024-9263

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.25/core/customers/customer.php#L299
https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/api-customer.php
https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/customer.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=cve

Configurations

No configuration.

History

18 Oct 2024, 12:53

Type	Values Removed	Values Added
Summary		(es) El complemento WP Timetics - AI-powered Appointment Booking Calendar and Online Scheduling Plugin para WordPress es vulnerable a la apropiación de cuentas/escalada de privilegios a través de una referencia directa a objetos insegura en todas las versiones hasta la 1.0.25 incluida a través de save() debido a la falta de validación en una clave controlada por el usuario. Esto hace posible que atacantes no autenticados restablezcan los correos electrónicos y las contraseñas de cuentas de usuario arbitrarias, incluidos los administradores, lo que hace posible la apropiación de cuentas y la escalada de privilegios.

17 Oct 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-17 04:15

Updated : 2024-10-18 12:53

NVD link : CVE-2024-9263

Mitre link : CVE-2024-9263

CVE.ORG link : CVE-2024-9263

JSON object : View

Products Affected

No product.

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2024-9263", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-17T04:15:05.517", "references": [{"url": "https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.25/core/customers/customer.php#L299", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/api-customer.php", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3169771/timetics/trunk/core/customers/customer.php", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible."}, {"lang": "es", "value": "El complemento WP Timetics - AI-powered Appointment Booking Calendar and Online Scheduling Plugin para WordPress es vulnerable a la apropiaci\u00f3n de cuentas/escalada de privilegios a trav\u00e9s de una referencia directa a objetos insegura en todas las versiones hasta la 1.0.25 incluida a trav\u00e9s de save() debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes no autenticados restablezcan los correos electr\u00f3nicos y las contrase\u00f1as de cuentas de usuario arbitrarias, incluidos los administradores, lo que hace posible la apropiaci\u00f3n de cuentas y la escalada de privilegios."}], "lastModified": "2024-10-18T12:53:04.627", "sourceIdentifier": "security@wordfence.com"}

9.8 /10