CVE-2022-0616 Amelia < 1.0.46 - Arbitrary Customer Deletion via CSRF

2022-03-2118:55:50

CWE-352

WPScan

www.cve.org

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.1%

JSON

The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack

CNA Affected

[
  {
    "product": "Amelia – Events & Appointments Booking Calendar",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.0.47",
        "status": "affected",
        "version": "1.0.47",
        "versionType": "custom"
      }
    ]
  }
]