CVE-2022-0825

CVE-2022-0825: Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

Vendor Unknown

Product Amelia – Events & Appointments Booking Calendar

Weakness CWE-863 · Incorrect authorization

Published April 4, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.

Key dates

02Disclosure timeline

April 4, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0825

Related vulnerabilities

04Related CVE

CVE-2024-41939 CVE-2026-42426 OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope CVE-2024-26016 Apache Superset: Improper authorization validation on dashboards and charts import CVE-2022-39214 Authenticated users of Combodo iTop can take over any account CVE-2026-26230 Team Admin Privilege Escalation to Demote Members to Guest