PT-2022-13461 · WordPress · Amelia

Huli · Published 2022-04-04 · Updated 2023-08-02 · CVE-2022-0837

CVSS v2.0: 5.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Amelia WordPress plugin versions prior to 1.0.48

Description

The issue allows any customer to send paid test SMS notifications and retrieve sensitive information about the admin, such as email, account balance, and payment history. A malicious actor can abuse this to drain the account balance by sending SMS notifications.

Recommendations

For versions prior to 1.0.48, update to version 1.0.48 or later to resolve the issue. As a temporary workaround, consider restricting access to the Amelia SMS service to prevent unauthorized use.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-0837

Affected Products

Amelia