5.5
CVE-2022-0825
- EPSS 0.19%
- Veröffentlicht 04.04.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:39:28
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAppointment and Event Booking Calendar for WordPress – Amelia < 1.0.49 - Arbitrary Booking Update and Sensitive Data Exposure
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
Mögliche Gegenmaßnahme
Booking for Appointments and Events Calendar – Amelia: Update to version 1.0.49, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Booking for Appointments and Events Calendar – Amelia
Version
[*, 1.0.49)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tms-outsource ≫ Amelia SwPlatformwordpress Version < 1.0.49
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.407 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.