PT-2023-21662 · WordPress · Bookit

István Márton

Published: 2023-06-22 · Updated: 2023-07-06

CVE-2023-2834
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BookIt plugin for WordPress, versions up to and including 2.3.7

Description
The BookIt plugin for WordPress contains an authentication bypass caused by insufficient verification of the user supplied when an appointment is booked through the plugin. Unauthenticated attackers can log in as any existing user on the site, including an administrator, if they know that user's email address. The plugin provides a 'bookit' shortcode for embedding a booking calendar into a WordPress page. After selecting a date and time in the calendar, a visitor can book an appointment by supplying a name, email address, and password for registration. The plugin looks up the user ID by the email address passed in the email parameter. If the email belongs to an existing WordPress user, it associates the request with that user and sets authentication cookies for them. This was implemented insecurely: no authentication check, such as password verification, is performed. The plugin simply matches the identity and allows the action without proper verification and authentication, so attackers can bypass authentication and gain access to arbitrary accounts on sites running a vulnerable plugin version.

Recommendations
For BookIt plugin for WordPress versions up to and including 2.3.7, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the booking functionality provided through the 'bookit' shortcode until a patch is available. Restrict access to the booking calendar to minimize the risk of exploitation, and avoid relying on the email parameter in the booking functionality until the issue is resolved.
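To make the flaw concrete, here is an added illustration of the insecure pattern the advisory describes next to a hardened handler. This is example code written for this page, not BookIt's own source; the function names insecure_booking_login() and hardened_booking_login() and the $request array shape are assumptions, while the WordPress APIs called (get_user_by, wp_set_auth_cookie, wp_authenticate, wp_create_user, sanitize_email, is_email, sanitize_user, is_user_logged_in, get_current_user_id, WP_Error) are real.

```php
<?php
// Added illustration, not the plugin's real code. $request holds the
// 'name', 'email' and 'password' fields posted by the booking form.

// Vulnerable pattern: the email alone selects the account and a session
// is issued for it. No password is ever checked, so any visitor who
// knows an existing user's email address is logged in as that user.
function insecure_booking_login( array $request ) {
    $user = get_user_by( 'email', sanitize_email( $request['email'] ?? '' ) );
    if ( $user ) {
        wp_set_auth_cookie( $user->ID ); // issues cookies for $user unconditionally
        return $user->ID;
    }
    return wp_create_user( sanitize_user( $request['name'] ?? '' ),
                           (string) ( $request['password'] ?? '' ),
                           sanitize_email( $request['email'] ?? '' ) );
}

// Hardened version: an existing account is only associated with the
// booking if the caller is already logged in as that account or proves
// the account's password through WordPress's own authentication path.
// Registration is still allowed, but only for emails not yet in use.
function hardened_booking_login( array $request ) {
    $email = sanitize_email( $request['email'] ?? '' );
    if ( ! is_email( $email ) ) {
        return new WP_Error( 'invalid_email', 'Invalid email address.' );
    }
    $user = get_user_by( 'email', $email );
    if ( $user ) {
        // Caller is already authenticated as this user: nothing to prove.
        if ( is_user_logged_in() && get_current_user_id() === (int) $user->ID ) {
            return $user->ID;
        }
        // Otherwise the supplied password must match; wp_authenticate()
        // runs the normal 'authenticate' filters (hash check, lockouts, etc.).
        $password = (string) ( $request['password'] ?? '' );
        if ( '' === $password ) {
            return new WP_Error( 'auth_required', 'Email already registered; password required.' );
        }
        $auth = wp_authenticate( $user->user_login, $password );
        if ( is_wp_error( $auth ) ) {
            return $auth; // wrong password: no session is created
        }
        wp_set_auth_cookie( $auth->ID );
        return $auth->ID;
    }
    // Unknown email: register a fresh account with the supplied password.
    return wp_create_user( sanitize_user( $request['name'] ?? '' ),
                           (string) ( $request['password'] ?? '' ), $email );
}
```

The difference worth checking in any booking or registration handler is whether an existing account can be selected by a user-controlled field (here the email parameter) and a session issued for it without the caller proving ownership of that account.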

Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
Missing Authentication

Related Identifiers
CVE-2023-2834

Affected Products
Bookit