The Amelia WordPress plugin before 1.0.49 does not properly enforce authorisation when managing appointments, allowing any customer to update others' booking status and to retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
References
| Link | Resource |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2693545 | Patch, Third Party Advisory |
| https://wpscan.com/vulnerability/1a92a65f-e9df-41b5-9a1c-8e24ee9bf50e | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-04-04T15:35:49
Updated: 2022-04-04T15:35:49
Reserved: 2022-03-02T00:00:00
Link: CVE-2022-0825
NVD Information
Status: Analyzed
Published: 2022-04-04T16:15:09.583
Modified: 2022-06-03T16:19:57.167
Link: CVE-2022-0825
Redhat Information
No data.
CWE