XSS Vulnerability Detected in RoomCloud Booking PlugIn for WordPress

RoomCloud is described as a booking engine and distribution system. RoomCloud offers a range of products, tools and advice suitable for hoteliers in the competitive environment of online sales.

Unfortunately, researchers have reported a cross-site scripting bug in the RoomCloud plugin for WordPress, which lets users make online reservations. The service may not be considered very popular, but the number of potential victims could be significant.

Personal travel details could be compromised if the vulnerability is exploited.

The XSS vulnerability allows attackers to identify customers’ travel data. Revealed details could include the duration of the stay, the number of adults and children, and related information.

Luckily, the bug was discovered and reported promptly by the researcher Nitin Venkatesh. Not only did he reveal the glitch, but he also published proof-of-concept code to demonstrate the issue. He claims that the vulnerability comes from inadequately supported parameters.

Vulnerability addressed promptly in collaboration with WordPress.

Hotel administrators are encouraged to update the plugin to its latest version, which has already been released by Venkatesh. In this regard, the WordPress team collaborated readily and pulled down the plugin three days after its discovery.

The vulnerability was discovered in RoomCloud’s version 1.1, build 1115307, and has been patched in build 1117499 of the same version.