Unrated severity · NVD Advisory · Published Apr 4, 2022 · Updated Aug 2, 2024
Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update
CVE-2022-0825
Description
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other customers' booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 2
- plugins.trac.wordpress.org/changeset/2693545 (mitre, x_refsource_CONFIRM)
- wpscan.com/vulnerability/1a92a65f-e9df-41b5-9a1c-8e24ee9bf50e (mitre, x_refsource_MISC)