Tms-Outsource: >> Amelia >> 1.0.22 Security Vulnerabilities
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-03-21
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack
CVSS Score
4.3
EPSS Score
0.001
Published
2022-03-21
Page 2