3 matches found
CVE-2022-0825
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...
CVE-2022-0825
CVE-2022-0825 affects the WordPress Amelia plugin prior to 1.0.49. The vulnerability stems from improper authorization, enabling any authenticated customer to update other people’s booking status and to retrieve sensitive booking data (e.g., full name and phone number). This could lead to arbitra...
CVE-2022-0825 Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...