Amelia < 1.0.48 - Customer+ SMS Service Abuse and Sensitive Data Disclosure

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification.

N/A

N/A

WordPress plugin Amelia安全漏洞

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Amelia存在安全漏洞，该漏洞允许任何客户发送付费测试SMS通知，以及检索有关管理员的敏感信息，如电子邮件、帐户余额和支付历史记录。恶意参与者可以利用此漏洞通过持续发送短信通知来耗尽帐户余额。

N/A

N/A