CVE-2022-0720

CVE-2022-0720: Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

Vendor Unknown

Product Amelia – Events & Appointments Booking Calendar

Weakness CWE-863 · Incorrect authorization

Published March 28, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.

Key dates

02Disclosure timeline

March 28, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0720

Related vulnerabilities

04Related CVE

CVE-2026-13508 khoj-ai khoj Conversation Sharing api_chat.py authorization CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011 CVE-2026-40350 Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator Accounts CVE-2026-41348 OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands CVE-2024-31452 OpenFGA Authorization Bypass