CVE-2022-0720

{"id": "CVE-2022-0720", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2022-03-28T18:15:09.637", "references": [{"url": "https://wpscan.com/vulnerability/435ef99c-9210-46c7-80a4-09cd4d3d00cf", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/435ef99c-9210-46c7-80a4-09cd4d3d00cf", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it."}, {"lang": "es", "value": "El plugin Amelia de WordPress versiones anteriores a 1.0.47, no dispone de una autorizaci\u00f3n adecuada cuando administra las citas, lo que permite a cualquier cliente actualizar la reserva de otro, as\u00ed como recuperar informaci\u00f3n confidencial sobre las reservas, como el nombre completo y el n\u00famero de tel\u00e9fono de la persona que la ha reservado"}], "lastModified": "2024-11-21T06:39:15.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tms-outsource:amelia:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "68626433-8C2F-452D-94CF-FB37BA2F9B70", "versionEndExcluding": "1.0.47"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}