
Mitigate File Upload Vulnerability in WP Hotel Booking App

Vulnerability

The WP Hotel Booking Plugin is a popular WordPress Plugin that provides a complete Hotel Booking System to manage rooms, customers, bookings, coupons, reviews, and many more features.

Recently, researchers identified a critical security vulnerability in this plugin, named “Authenticated (Subscriber+) Arbitrary File Upload Vulnerability (CVE-2024-7855)”, affecting versions up to 2.1.2.

Let’s look at what this vulnerability is, how it works, how it can affect your website, and which security measures protect your website against it.

What is a WP Hotel Booking Plugin?

WP Hotel Booking is a WordPress plugin used on more than 8,000 WordPress websites.

It provides many features such as hotel room management, booking management, customer management, coupon management, and so on.

It also provides a review feature that lets logged-in users (Subscriber role and above) write reviews about rooms on the website.

In short, it is a complete plugin for a Hotel Booking Management System.

What is Arbitrary File Upload Vulnerability?

Arbitrary File Upload is a security vulnerability that allows an attacker to upload malicious files to a server because the upload path lacks proper restrictions or validation.

These files can include scripts or executables that compromise the server, leading to data theft, privilege escalation, or complete server control.

How does this Vulnerability work?

The WP Hotel Booking plugin is vulnerable to Arbitrary File Upload because of missing file type validation in the update_review() function, in all versions up to 2.1.2.

The plugin lets a user add a review and attach an image to it; this is handled by update_review() in the WPHB_Comments class, but that function fails to validate the file type.

When a user uploads an image through the review option, update_review() is called and the image is written directly into the publicly accessible Uploads folder using file_put_contents().

Because the function checks neither the file type nor the extension, any file can be uploaded, including files with a .php extension.

This allows an authenticated attacker (Subscriber-level or higher) to upload malicious files or PHP code, potentially enabling remote code execution.

Impact of this Vulnerability on the website

This vulnerability can have several impacts on an affected website, as outlined below:

What are the Security Flaws in this plugin?

Missing File Type Validation: The upload code does not check the type of the uploaded image. No file type or extension checking logic is implemented at all.

Unrestricted Access to Upload Directory: There are no restrictions on the directory into which images are uploaded.

By default, images are uploaded into the WordPress uploads directory (wp_upload_dir), and this directory is publicly accessible by default.
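As an added illustration (not the plugin's actual update_review() code), the PHP below shows the unsafe write pattern described above next to a hardened handler built on WordPress core upload APIs; the function names are hypothetical, and the role check reflects the permission advice in the prevention section.

```php
<?php
// Added illustration, not the plugin's own code. Assumes it runs inside
// WordPress, where wp_upload_dir(), wp_check_filetype_and_ext() and
// wp_handle_upload() are core functions. $file is one $_FILES entry.

// Unsafe pattern the advisory describes: the client-chosen name is trusted and
// the raw bytes are written into the public uploads directory, so a file named
// "photo.php" is stored as PHP and can be requested directly from the web.
function hypothetical_unsafe_review_upload( array $file ) {
    $dir  = wp_upload_dir();
    $name = basename( $file['name'] );
    file_put_contents( $dir['path'] . '/' . $name, file_get_contents( $file['tmp_name'] ) );
    return $dir['url'] . '/' . $name;
}

// Hardened version: require a capability, allow-list image types, check that
// the content matches the claimed type, and let core name and place the file.
function hypothetical_safe_review_upload( array $file ) {
    // Subscribers do not have 'upload_files' by default, so the low-privilege
    // path used in CVE-2024-7855 is closed at the role level.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'You are not allowed to upload files.' );
    }
    if ( empty( $file['tmp_name'] ) || ! is_uploaded_file( $file['tmp_name'] ) ) {
        return new WP_Error( 'bad_request', 'No uploaded file received.' );
    }
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    // The extension must be on the allow-list; for image types core also
    // sniffs the bytes (getimagesize, then fileinfo where available) and
    // returns ext/type === false when the content is not the claimed image.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'invalid_type', 'Only JPEG, PNG or GIF images are allowed.' );
    }
    // wp_handle_upload() repeats the type check against $allowed, sanitizes
    // the name and makes it unique, so whatever is stored keeps an image
    // extension and never lands in the uploads directory as .php.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'upload_failed', $result['error'] );
    }
    return $result['url'];
}
```

Pair the hardened handler with a server rule that disables script execution under wp-content/uploads, so a stored file is served as data even if a future bypass slips past the type check.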

How to protect your website from this vulnerability?

To protect your website from this vulnerability, you can apply one or more of the techniques mentioned below:

  1. Update the WP Hotel Booking Plugin: The best way to protect your website is to update this plugin to the latest version through the WordPress Admin Dashboard. The plugin developers have already fixed this issue and shipped the patch in the latest release, so update your WP Hotel Booking plugin to version 2.1.3 or higher.

To upgrade the plugin to the latest version, first go to the WordPress Admin Dashboard → Plugins → WP Hotel Booking → click Update (as shown in the screenshot below).

If no update option is available, go to the official WordPress plugin page instead.

Download the plugin from there and upload it through your WordPress dashboard’s plugin upload option – https://wordpress.org/plugins/wp-hotel-booking/.

  2. Limit Permissions: Restrict file upload functionality to authenticated users with specific roles (e.g., admin).
  3. Disable Direct Access to the Upload Directory: Prevent execution of scripts in upload directories by disabling direct access.
  4. Use a Web Application Firewall (WAF): AWS WAF can help detect and block malicious requests, including attempts to exploit this kind of vulnerability.

Conclusion

In this blog, we have discussed the WP Hotel Booking plugin vulnerability: how it works, the reason behind it, the underlying security flaws, and the preventive measures.

Preventing Arbitrary File Upload vulnerabilities is crucial to securing your WordPress site against potential attacks.

Keeping plugins updated, restricting user permissions, and securing the uploads folder can safeguard your websites.

We should stay aware of these types of vulnerabilities, keep performing regular security audits, and always use up-to-date versions of plugins.

Need Help?

Was this guide helpful? Please share your feedback in the comments below. 

In case you have any issues/queries regarding the module please raise a ticket at https://webkul.uvdesk.com/en/customer/create-ticket/ 

For any further information or query contact us at support@webkul.com.

Thanks for reading!!
