Vulnerability Details CVE-2022-0837
The Amelia WordPress plugin before 1.0.48 does not perform proper authorisation when handling the Amelia SMS service, allowing any customer to send paid test SMS notifications and to retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain the account balance by repeatedly sending SMS notifications.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.5
Products affected by CVE-2022-0837
- cpe:2.3:a:tms-outsource:amelia:-
- cpe:2.3:a:tms-outsource:amelia:1.0
- cpe:2.3:a:tms-outsource:amelia:1.0.1
- cpe:2.3:a:tms-outsource:amelia:1.0.10
- cpe:2.3:a:tms-outsource:amelia:1.0.11
- cpe:2.3:a:tms-outsource:amelia:1.0.12
- cpe:2.3:a:tms-outsource:amelia:1.0.13
- cpe:2.3:a:tms-outsource:amelia:1.0.14
- cpe:2.3:a:tms-outsource:amelia:1.0.15
- cpe:2.3:a:tms-outsource:amelia:1.0.16
- cpe:2.3:a:tms-outsource:amelia:1.0.17
- cpe:2.3:a:tms-outsource:amelia:1.0.18
- cpe:2.3:a:tms-outsource:amelia:1.0.19
- cpe:2.3:a:tms-outsource:amelia:1.0.2
- cpe:2.3:a:tms-outsource:amelia:1.0.20
- cpe:2.3:a:tms-outsource:amelia:1.0.21
- cpe:2.3:a:tms-outsource:amelia:1.0.22
- cpe:2.3:a:tms-outsource:amelia:1.0.23
- cpe:2.3:a:tms-outsource:amelia:1.0.24
- cpe:2.3:a:tms-outsource:amelia:1.0.25
- cpe:2.3:a:tms-outsource:amelia:1.0.26
- cpe:2.3:a:tms-outsource:amelia:1.0.27
- cpe:2.3:a:tms-outsource:amelia:1.0.28
- cpe:2.3:a:tms-outsource:amelia:1.0.29
- cpe:2.3:a:tms-outsource:amelia:1.0.3
- cpe:2.3:a:tms-outsource:amelia:1.0.30
- cpe:2.3:a:tms-outsource:amelia:1.0.31
- cpe:2.3:a:tms-outsource:amelia:1.0.32
- cpe:2.3:a:tms-outsource:amelia:1.0.33
- cpe:2.3:a:tms-outsource:amelia:1.0.34
- cpe:2.3:a:tms-outsource:amelia:1.0.35
- cpe:2.3:a:tms-outsource:amelia:1.0.36
- cpe:2.3:a:tms-outsource:amelia:1.0.37
- cpe:2.3:a:tms-outsource:amelia:1.0.38
- cpe:2.3:a:tms-outsource:amelia:1.0.39
- cpe:2.3:a:tms-outsource:amelia:1.0.4
- cpe:2.3:a:tms-outsource:amelia:1.0.40
- cpe:2.3:a:tms-outsource:amelia:1.0.41
- cpe:2.3:a:tms-outsource:amelia:1.0.42
- cpe:2.3:a:tms-outsource:amelia:1.0.43
- cpe:2.3:a:tms-outsource:amelia:1.0.44
- cpe:2.3:a:tms-outsource:amelia:1.0.45
- cpe:2.3:a:tms-outsource:amelia:1.0.46
- cpe:2.3:a:tms-outsource:amelia:1.0.47
- cpe:2.3:a:tms-outsource:amelia:1.0.5
- cpe:2.3:a:tms-outsource:amelia:1.0.6
- cpe:2.3:a:tms-outsource:amelia:1.0.7
- cpe:2.3:a:tms-outsource:amelia:1.0.8
- cpe:2.3:a:tms-outsource:amelia:1.0.9