CVE-2025-22785 Scanner
CVE-2025-22785 Scanner - SQL Injection vulnerability in Course Booking System
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 weeks 9 hours
Scan only one: Domain, Subdomain, IPv4
The Course Booking System plugin for WordPress is widely used by educational institutions and businesses for managing course bookings online. It allows students and participants to register for courses, view upcoming schedules, and make payments through a seamless and interactive platform. Administrators utilize the system for handling enrollments, updating course information, and tracking attendance. The plugin integrates with WordPress, providing a user-friendly interface for both the backend management and front-end user interaction. Its popularity is largely due to its flexibility in handling course-based events and robust reporting functionalities. Additionally, the plugin is favored for its capacity to handle a high volume of bookings efficiently.
The vulnerability in the Course Booking System is due to a lack of input sanitization in certain SQL queries. This flaw allows unauthorized users to interact with the backend database in unintended ways, potentially leading to data exposure. The issue arises from improper handling of user-supplied parameters, which can be manipulated to execute arbitrary SQL commands. This can give attackers insight into the database schema and enable the retrieval of confidential information such as user credentials and private user data. The vulnerability results from insufficient query preparation and escaping in versions up to and including 6.0.6. Addressing this issue proactively is critical to maintaining data security and user confidentiality.
The SQL Injection is found in the user input field related to the booking deletion action. Affected versions allow unauthorized SQL commands to be appended to legitimate queries, which the database engine then executes. This occurs because the booking management code lacks proper input validation and parameterized queries. An example payload that exploits this flaw would involve additional SQL queries embedded within a POST request to the 'admin-ajax.php' endpoint. The vulnerability allows adversaries to execute long-running database operations, such as triggering time delays, which can confirm the presence of the issue on the server being tested.
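The missing query preparation described above, shown next to a hardened handler. This is an added example, not code from the Course Booking System plugin; the action name `example_delete_booking`, the POST field `booking_id`, the `nonce` field and the table `example_bookings` are hypothetical, and the code assumes it is loaded inside WordPress (for instance as a small plugin).

```php
<?php
// Added illustration: NOT the Course Booking System plugin's code.
// Hypothetical names: action "example_delete_booking", POST fields "booking_id"
// and "nonce", table "{prefix}example_bookings". Assumes WordPress is loaded.

// Anti-pattern the page describes: request data concatenated into SQL.
// Defined for comparison only and never registered as a handler.
function example_delete_booking_unsafe() {
    global $wpdb;
    $id = $_POST['booking_id']; // untrusted string taken straight from the request
    // The value becomes part of the SQL text, so it can change the statement.
    $wpdb->query( "DELETE FROM {$wpdb->prefix}example_bookings WHERE id = " . $id );
}

// Hardened handler: nonce check, capability check, typed input and a
// prepared statement.
function example_delete_booking_safe() {
    global $wpdb;

    // Reject requests without a valid nonce (WordPress ends the request on failure).
    check_ajax_referer( 'example_delete_booking', 'nonce' );

    // Only users allowed to manage the site may delete bookings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Coerce to a non-negative integer; anything non-numeric becomes 0.
    $id = isset( $_POST['booking_id'] ) ? absint( wp_unslash( $_POST['booking_id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( array( 'message' => 'Invalid booking id' ), 400 );
    }

    // %d formats the value as an integer, so it cannot alter the statement.
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$wpdb->prefix}example_bookings WHERE id = %d", $id )
    );
    if ( false === $deleted ) {
        wp_send_json_error( array( 'message' => 'Database error' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}

// Register for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_delete_booking', 'example_delete_booking_safe' );
```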
Exploiting this vulnerability could have severe implications for systems running vulnerable versions of the Course Booking System. Attackers may gain access to sensitive data stored in the database, including user details, passwords, and payment information. Such unauthorized access might result in data breaches, financial loss, and legal implications for affected organizations. Furthermore, repeated exploitation could lead to database corruption or deletion of critical booking information, severely disrupting operations. It also raises the risk of the affected system being used as a vector for further attacks on related systems.