cleantalk
Vulnerabilities and Security Researches

Booking for Appointments and Events Calendar – Amelia, CVE-2022-0825

CVE, Research URL

CVE-2022-0825

Home page URL

Security reports for Booking for Appointments and Events Calendar – Amelia

Application

Booking for Appointments and Events Calendar – Amelia

Published on
Apr 04, 2022
Research Description
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
Affected versions
Min -, max 1.0.49.
Status
vulnerable
Previous vulnerability researches
Booking for Appointments and Events Calendar – Amelia (CVE-2024-22298) , Jun 10, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2024-6225) , Jun 22, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0616) , Jun 07, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0687) , Jun 07, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0720) , Jun 07, 2024
New vulnerability
Big Boom Directory (CVE-2024-13673) , Apr 04, 2025
LuckyWP Table of Contents (CVE-2025-2299) , Apr 04, 2025
Customizable WordPress Gallery Plugin – Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Contact Form vCard Generator (CVE-2025-31582) , Apr 04, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025