Broken Access Control vulnerability issue for version 1.0.96

  • Resolved Robin Roelofsen

    (@robinroelofsen)


    10 months ago

    Keep getting mails from Solid Security that WordPress Amelia 1.0.96 has a Broken Access Control vulnerability problem. Any idea?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author ameliabooking

    (@ameliabooking)

    Hello Robin, thank you for reaching out to us.

    Can you please provide us with the whole email content and we will have this checked?

    Looking forward to your reply.

    Thread Starter Robin Roelofsen

    (@robinroelofsen)

    Forwarding is a bit difficult?since it’s a Dutch language mail. This is the report Solid Security created on my site. Hope this helps:

    Known Vulnerabilities

    Blocklist

    Raw Details

    id               => 1013
module           => site-scanner
type             => critical-issue
code             => vulnerable-software
timestamp        => 2024-01-31 22:01:24
init_timestamp   => 2024-01-31 22:01:23
remote_ip        => 185.104.29.24
user_id          => [empty string]
url              => wp-cron
memory_current   => 104806728
memory_peak      => 104828736
data             => Array
    results   => Array
        url       => https://robinroelofsen.nl
        version   => 1.1
        entries   => Array
            blacklist         => Array
                0   => Array
                    report_details   => https://transparencyreport.google.com/safe-browsing/search?url=robinroelofsen.nl
                    status           => clean
                    vendor           => Array
                        slug    => google
                        label   => Google Safe Browsing
            vulnerabilities   => Array
                0   => Array
                    type       => plugin
                    software   => Array
                        slug             => ameliabooking
                        label            => Amelia
                        latest_version   => null
                    issues     => Array
                        0   => Array
                            title               => WordPress Amelia plugin <= 1.0.96 - Broken Access Control vulnerability
                            description         => Broken Access Control vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Amelia (versions <= 1.0.96)
                            affected_in         => <= 1.0.96
                            fixed_in            => [empty string]
                            references          => Array
                                0   => Array
                                    slug    => patchstack
                                    label   => PatchStack
                                    refs    => Array( 1 )
                                1   => Array
                                    slug    => cve
                                    label   => CVE
                                    refs    => Array( 1 )
                            type                => Array
                                label   => Broken Access Control
                                slug    => [empty string]
                            id                  => ps-16021
                            created_at          => 2024-01-17T15:09:06+00:00
                            updated_at          => 2024-01-17T15:09:06+00:00
                            published_at        => 2024-01-17T15:08:55+00:00
                            score               => [double] 5.3
                            score_group         => [empty string]
                            score_vector        => [empty string]
                            is_exploited        => [boolean] false
                            patched_in_ranges   => Array()
                    link       => https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuV0J0WGNqd3h2cFNDbE9GanFsNmpWY0RsbFcwdF9KdjFpZ3lVYlRmSENMNjlHSFJERjJSVEJDbkE3SHNaUTVucjRweDhwaDFCT3E4Z3Y2WU5OeEplcmFwOFNQd3ZEMG9KTEN5S2paQnJXQ3hmZkFrVEhQS1pYbGpFcHloUmF4SWFSSFVxYzZEWFlSUUc5aHVGdmxzT2JGcGJxaU9rQURsRnFQb0FKb0lkbUEzX2oxV3k3WDJCcmkyYXFFazNLbi1GWkE1c0tRTFhNbGdCTmNFSEp6VG5TbUpGRHdXWU95T2ptekdPSmtMNTI2RnZwMXpJSkxNQnZhMlVndzJ0Q2FJNGNLLUl3bXVlcGFoWHl4VzUtQlJkd3BaQ2hPNWtpUnNMYjVfV09aV1FobTFaQ21nQXhReno3LUNaMWpoeGtYYnBDUkQ4cENzOGVkLTk2b0xsVm9fVHN3SWctc2RDNHZ4NHNyeDF5MkNnT24zVVo2RmRJd2tuaVR6UW5tZE1pRWRld2c%253D
        errors    => Array()
    cached    => [boolean] false
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Broken Access Control vulnerability issue for version 1.0.96’ is closed to new replies.