Amelia Booking Vulnerable to Missing Authorization
CVE-2024-22298

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Amelia
Vendor: CVE Published:; 10 June 2024

Summary

The TMS Amelia Booking Plugin suffers from a significant missing authorization vulnerability that can potentially allow unauthorized users to access restricted features or data. This issue affects versions up to 1.0.98, revealing a flaw in the plugin's access control mechanisms. Proper measures should be taken to ensure that all users must authenticate adequately before accessing sensitive functionalities, protecting both the site owner and the end-users.

Affected Version(s)

Amelia <= 1.0.98

References

https://patchstack.com/database/vulnerability/ameliabooki...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
Jan 8, 2024

Credit

Abdi Pranata (Patchstack Alliance)