5.5
CVE-2022-0825
- EPSS 0.79%
- Veröffentlicht 04.04.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:39:28
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAmelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update
Appointment and Event Booking Calendar for WordPress – Amelia < 1.0.49 - Arbitrary Booking Update and Sensitive Data Exposure
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
Mögliche Gegenmaßnahme
Booking for Appointments and Events Calendar – Amelia: Update to version 1.0.49, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tms-outsource ≫ Amelia SwPlatformwordpress Version < 1.0.49
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Booking for Appointments and Events Calendar – Amelia
Version
[*, 1.0.49)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.514 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://plugins.trac.wordpress.org/changeset/2693545
https://wpscan.com/vulnerability/1a92a65f-e9df-41b5-9a1c-8e24ee9bf50e
https://www.wordfence.com/threat-intel/vulnerabilities/id/25a80b0b-2636-45c1-92e5-bd62c8a4ab20