5.5
CVE-2022-0720
- EPSS 0.61%
- Veröffentlicht 28.03.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 06:39:15
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAmelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure
Appointment and Event Booking Calendar for WordPress - Amelia < 1.0.47 - Arbitrary Booking Update and Sensitive Data Exposure
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
Mögliche Gegenmaßnahme
Booking for Appointments and Events Calendar – Amelia: Update to version 1.0.47, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tms-outsource ≫ Amelia SwPlatformwordpress Version < 1.0.47
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Booking for Appointments and Events Calendar – Amelia
Version
[*, 1.0.47)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.444 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://wpscan.com/vulnerability/435ef99c-9210-46c7-80a4-09cd4d3d00cf
https://www.wordfence.com/threat-intel/vulnerabilities/id/60c2e8eb-d01b-44f2-8e0d-009ff00887fd