The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.
Unauthenticated attackers can remotely delete customer data in the WPBookit WordPress plugin because of a Cross-Site Request Forgery (CSRF) vulnerability. The flaw lets an attacker trick a logged-in administrator into unknowingly deleting customer records, leading to data loss and potential service disruption. The attacker needs no account on the target site: the forged request is issued by the administrator's browser and carries the administrator's session cookies, so the plugin treats it as a legitimate admin action. This poses a significant risk to websites running the vulnerable plugin.
Step 1: Victim Login: The targeted administrator is logged into the WordPress admin panel and has the WPBookit plugin installed and activated.
Step 2: Attacker Crafting: The attacker crafts a malicious HTML page or email containing a hidden form or JavaScript code that automatically submits a deletion request to the vulnerable WPBookit endpoint (the URL handling customer deletion).
Step 3: Payload Delivery: The attacker lures the administrator to visit the malicious page or open the malicious email. This could be through phishing, social engineering, or other means.
Step 4: Request Execution: When the administrator's browser loads the malicious page or executes the JavaScript, the hidden form or script automatically sends the deletion request to the WPBookit plugin's customer deletion endpoint. The browser attaches the administrator's existing session cookies to this request.
Step 5: Vulnerability Trigger: Because the plugin lacks CSRF protection, it processes the request without verifying its origin or the presence of a valid CSRF token (in WordPress terms, a nonce checked with wp_verify_nonce or check_admin_referer).
Step 6: Customer Deletion: The plugin executes the customer deletion operation, removing the specified customer record from the database.
Step 7: Data Loss: The targeted customer's data is permanently deleted, causing data loss and potentially disrupting the website's functionality.
The vulnerability stems from a missing CSRF protection mechanism in the WPBookit plugin's customer deletion functionality: the code does not validate a CSRF token (nonce) when processing requests to delete customer records. An attacker can therefore craft a request that, when executed by a logged-in administrator's browser, deletes a specified customer. The root cause is a missing request validation and authorization check, specifically the absence of nonce verification before the deletion operation runs, which lets a forged cross-site request appear legitimate to the server and cause unauthorized data modification.
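As an added illustration (not WPBookit's code), the following shows the vulnerable shape of an admin-ajax deletion handler beside a hardened version that binds the request to a WordPress nonce and a capability check. The action name, table name and request parameters are assumptions.

```php
<?php
// Added illustration, not WPBookit's code. Action name, table name and
// parameter names are assumptions.

// VULNERABLE SHAPE (shown for contrast, not hooked): any request that carries
// the admin's session cookie is honoured. Nothing proves the request was
// issued from the plugin's own admin page rather than a third-party site.
function example_delete_customer_unprotected() {
    global $wpdb;
    $id = absint( $_REQUEST['customer_id'] ?? 0 );
    $wpdb->delete( $wpdb->prefix . 'example_customers', array( 'id' => $id ), array( '%d' ) );
    wp_send_json_success();
}

// HARDENED FORM: the nonce ties the request to a token minted for this user and
// this action on the plugin's own page; a cross-site page cannot read it, so a
// forged request fails the check. The capability check covers authorization.
function example_delete_customer_protected() {
    global $wpdb;

    // State-changing actions should only accept POST; a cross-site GET (e.g. an
    // <img> tag) must never delete anything.
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        wp_send_json_error( 'Method not allowed', 405 );
    }

    // Verifies $_REQUEST['_wpnonce'] against the 'example_delete_customer'
    // action for the current user; on failure it responds 403 and stops.
    check_ajax_referer( 'example_delete_customer', '_wpnonce', true );

    // A valid nonce proves intent, not privilege: still require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }

    $id = absint( $_POST['customer_id'] ?? 0 );
    if ( 0 === $id ) {
        wp_send_json_error( 'Invalid customer id', 400 );
    }

    $deleted = $wpdb->delete( $wpdb->prefix . 'example_customers', array( 'id' => $id ), array( '%d' ) );
    if ( false === $deleted ) {
        wp_send_json_error( 'Database error', 500 );
    }
    wp_send_json_success( array( 'deleted' => $deleted ) );
}
add_action( 'wp_ajax_example_delete_customer', 'example_delete_customer_protected' );

// The plugin's own admin page must mint the nonce and send it with the request:
// in a form:  wp_nonce_field( 'example_delete_customer', '_wpnonce' );
// or for JS:  wp_create_nonce( 'example_delete_customer' ) passed via wp_localize_script().
```

Because the nonce is generated server-side for the logged-in user and only embedded in pages the plugin itself renders, an attacker's page cannot supply a valid one, which is exactly the check the advisory says is missing.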