2 matches found
CVE-2022-0837 Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious...
CVE-2022-0837
The CVE concerns the Amelia WordPress plugin (before 1.0.48) with an authorization flaw in the Amelia SMS service. The vulnerability allows any authenticated customer to perform paid test SMS notifications and to access admin data (email, balance, and payment history), enabling account draining b...