PT-2022-13450 · WordPress · Amelia

Huli · Published 2022-04-04 · Updated 2022-06-03 · CVE-2022-0825

CVSS v2.0: 5.5 (Medium) · Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Amelia WordPress plugin versions prior to 1.0.49

Description: The issue concerns a lack of proper authorization when managing appointments. This allows any customer to update the booking status of others and retrieve sensitive information about bookings, including the full name and phone number of the person who made the booking.

Recommendations: For versions prior to 1.0.49, update to version 1.0.49 or later to resolve the issue. As a temporary workaround, consider restricting access to appointment management features to minimize the risk of unauthorized updates or data retrieval.

Exploit

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers: CVE-2022-0825

Affected Products: Amelia