The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/435ef99c-9210-46c7-80a4-09cd4d3d00cf | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-03-28T17:23:18
Updated: 2022-03-28T17:23:18
Reserved: 2022-02-22T00:00:00
Link: CVE-2022-0720
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-28T18:15:09.637
Modified: 2022-04-04T19:15:27.947
Link: CVE-2022-0720
JSON object: View
Redhat Information
No data.
CWE