Amelia is a WordPress booking plugin developed by TNS. With 40,000+ active installations, it is used by clinics, hair salons, tutors, and so on.
In March, we studied the source code of Amelia and eventually found three vulnerabilities:
CVE-2022-0720 Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure (CVSS 6.3)
CVE-2022-0825 Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update (CVSS 6.3)
CVE-2022-0837 Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure (CVSS 5.4)
By exploiting these vulnerabilities, a malicious actor could obtain all customers' data, including names, phone numbers, and booking details.
In this article, I will describe the code structure of Amelia and the details of the three vulnerabilities.