cleantalk
Vulnerabilities and Security Researches

Booking for Appointments and Events Calendar – Amelia, CVE-2022-0837

CVE, Research URL

CVE-2022-0837

Home page URL

Security reports for Booking for Appointments and Events Calendar – Amelia

Application

Booking for Appointments and Events Calendar – Amelia

Published on
Apr 04, 2022
Research Description
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.
Affected versions
Min -, max 1.0.48.
Status
vulnerable
Previous vulnerability researches
Booking for Appointments and Events Calendar – Amelia (CVE-2024-22298) , Jun 10, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2024-6225) , Jun 22, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0616) , Jun 07, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0687) , Jun 07, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0720) , Jun 07, 2024
New vulnerability
Big Boom Directory (CVE-2024-13673) , Apr 04, 2025
LuckyWP Table of Contents (CVE-2025-2299) , Apr 04, 2025
Customizable WordPress Gallery Plugin – Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Contact Form vCard Generator (CVE-2025-31582) , Apr 04, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025