CVE-2022-0825
MEDIUM
Amelia < 1.0.49 - Incorrect Authorization in Appointment Management
Title source: llm
Description
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update others' booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/1a92a65f-e9df-41b5-9a1c-8e24ee9bf50e
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2693545
Scores
CVSS v3
5.4
EPSS
0.0079
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-863
Status
published
Products (1)
tms-outsource/amelia
< 1.0.49
Published
Apr 04, 2022
Tracked Since
Feb 18, 2026