CVE-2022-0834

7.2 HIGH

📋 TL;DR

The Amelia WordPress plugin has a stored cross-site scripting (XSS) vulnerability in versions up to 1.0.46. Attackers can inject malicious scripts via the lastName parameter in booking calendar entries, which execute when users view those entries. This affects all WordPress sites using vulnerable Amelia plugin versions.

💻 Affected Systems

Products:
  • Amelia WordPress Booking Plugin
Versions: up to and including 1.0.46
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Amelia plugin to be installed and active on WordPress sites.

📦 What is this software?

Amelia is a booking plugin for WordPress (plugin slug: ameliabooking) that adds appointment scheduling and a booking calendar to a site.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, deface websites, or redirect users to malicious sites.

🟠 Likely Case

Attackers inject malicious scripts that steal user session data or perform limited unauthorized actions when users view compromised booking entries.

🟢 If Mitigated

With proper input validation and output escaping, malicious scripts would be neutralized before execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires creating or modifying booking entries with malicious payloads in the lastName field.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.0.47 and later

Vendor Advisory: https://wordpress.org/plugins/ameliabooking/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find Amelia plugin and click 'Update Now'
4. Verify version is 1.0.47 or higher

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

  • Add custom input validation for the lastName parameter
  • Add the sanitization filter in WordPress functions.php or in a custom plugin
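A concrete form of this workaround, added here as an example and not code from the Amelia project or from the advisory: a guard for functions.php or a must-use plugin that rejects Amelia booking requests whose lastName contains anything outside an allow-list of name characters. It assumes, since the page does not say, that Amelia submissions arrive at admin-ajax.php with action=wpamelia_api and a JSON body that carries lastName somewhere in its structure; the functions prefixed cve_2022_0834_ are the example's own names.

```php
<?php
/**
 * Added example for CVE-2022-0834 (not Amelia or WordPress core code).
 * Drop into functions.php (omit the opening tag there) or save as a
 * must-use plugin until Amelia 1.0.47 or later is installed.
 *
 * Assumption: booking submissions reach admin-ajax.php with
 * action=wpamelia_api and a JSON body containing a "lastName" field,
 * possibly nested. Adjust cve_2022_0834_is_amelia_request() if your
 * installation routes bookings differently.
 */

/** Fields the guard inspects; lastName is the field named in the advisory. */
const CVE_2022_0834_GUARDED_FIELDS = array( 'lastName' );

/**
 * Allow-list check for a name: letters in any script, combining marks,
 * whitespace, apostrophes, hyphens and periods. "<", ">", "=", ":" and
 * quotes are not in the list, so every script-injection shape is refused
 * without maintaining a deny-list of payload strings.
 */
function cve_2022_0834_name_is_clean( $value ) {
    if ( ! is_string( $value ) || $value === '' ) {
        return true; // nothing to render; leave other validation to the plugin
    }
    return (bool) preg_match( '/^[\p{L}\p{M}\s\'\-.]{1,100}$/u', $value );
}

/**
 * Walk the decoded JSON body and return the dotted path of the first
 * guarded field that fails the allow-list, or null when all are clean.
 */
function cve_2022_0834_find_tainted_field( $data, $path = '' ) {
    if ( ! is_array( $data ) ) {
        return null;
    }
    foreach ( $data as $key => $value ) {
        $here = ( $path === '' ) ? (string) $key : $path . '.' . $key;
        if ( in_array( (string) $key, CVE_2022_0834_GUARDED_FIELDS, true )
             && ! cve_2022_0834_name_is_clean( $value ) ) {
            return $here;
        }
        $nested = cve_2022_0834_find_tainted_field( $value, $here );
        if ( $nested !== null ) {
            return $nested;
        }
    }
    return null;
}

/** Assumption: Amelia API calls carry this admin-ajax action name. */
function cve_2022_0834_is_amelia_request() {
    return isset( $_REQUEST['action'] ) && 'wpamelia_api' === $_REQUEST['action'];
}

/** Reject Amelia requests with markup in a name field before the plugin handles them. */
function cve_2022_0834_guard_booking_request() {
    if ( ! cve_2022_0834_is_amelia_request() ) {
        return;
    }
    // php://input can be read again by the plugin afterwards (PHP 5.6+).
    $body    = json_decode( (string) file_get_contents( 'php://input' ), true );
    $tainted = cve_2022_0834_find_tainted_field( $body );
    if ( $tainted === null ) {
        return;
    }
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( "CVE-2022-0834 guard: rejected booking, markup in {$tainted} from {$ip}" );
    wp_send_json_error( array( 'message' => 'Invalid characters in name field.' ), 400 );
}
add_action( 'init', 'cve_2022_0834_guard_booking_request' );
```

The allow-list works at the input side and logs each rejection, which also gives the Detection & Monitoring section something to alert on. The vendor fix works at the output side (escaping the value where the calendar renders it), so this guard is a stopgap to keep only until 1.0.47 is installed.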

🧯 If You Can't Patch

  • Disable the Amelia plugin temporarily
  • Implement web application firewall (WAF) rules to block XSS payloads in lastName parameter

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Amelia → Version number. If version is 1.0.46 or lower, system is vulnerable.

Check Version:

wp plugin get ameliabooking --field=version

Verify Fix Applied:

After updating, verify version is 1.0.47 or higher and test booking functionality with safe test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual booking entries with script tags in lastName field
  • Multiple failed booking attempts with suspicious parameters

Network Indicators:

  • HTTP requests with script tags in lastName parameter
  • Unusual outbound connections from booking pages

SIEM Query:

source="wordpress" AND ("lastName" AND ("<script>" OR "javascript:" OR "onerror="))
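The query above matches the literal strings, so a payload recorded as %3Cscript%3E in a proxy or web-server log slips past it. As an added example that is not part of the advisory or the Amelia project, the following PHP script applies the same logic to request log lines after percent-decoding (two rounds, to cover double encoding) and entity-decoding. The log lines are constructed for the example, and the request shape (admin-ajax.php with action=wpamelia_api and a URL-encoded body) is an assumption about how bookings are submitted.

```php
<?php
/**
 * Added example for CVE-2022-0834 (not from the advisory or the Amelia
 * project): decode-then-match detection over request log lines.
 * Line shape assumed: "<client-ip> <method> <path?query> [<url-encoded body>]".
 */

/** Tag-shaped input plus the javascript: scheme and on*= handlers from the SIEM query. */
const CVE_2022_0834_XSS_PATTERN = '/<\s*\/?\s*[a-z]+[^>]*>|javascript\s*:|\bon[a-z]+\s*=/i';

/** Undo up to two rounds of percent-encoding, then HTML entities. */
function cve_2022_0834_decode( $value ) {
    for ( $round = 0; $round < 2; $round++ ) {
        $next = rawurldecode( $value );
        if ( $next === $value ) {
            break; // nothing left to decode
        }
        $value = $next;
    }
    return html_entity_decode( $value, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}

/** True when a lastName value matches an XSS shape once fully decoded. */
function cve_2022_0834_is_suspicious( $name ) {
    return (bool) preg_match( CVE_2022_0834_XSS_PATTERN, cve_2022_0834_decode( $name ) );
}

/** Pull lastName out of a query string or URL-encoded body (parse_str decodes one round). */
function cve_2022_0834_last_name_from_query( $query ) {
    parse_str( $query, $params );
    return ( isset( $params['lastName'] ) && is_string( $params['lastName'] ) ) ? $params['lastName'] : null;
}

/** Return the log lines whose lastName value (in query or body) is suspicious. */
function cve_2022_0834_scan_lines( array $lines ) {
    $hits = array();
    foreach ( $lines as $line ) {
        $parts = explode( ' ', trim( $line ), 4 );
        if ( count( $parts ) < 3 ) {
            continue; // not a request line we understand
        }
        $candidates = array();
        $query      = parse_url( $parts[2], PHP_URL_QUERY );
        if ( is_string( $query ) ) {
            $candidates[] = $query;
        }
        if ( isset( $parts[3] ) ) {
            $candidates[] = $parts[3]; // POST body
        }
        foreach ( $candidates as $candidate ) {
            $name = cve_2022_0834_last_name_from_query( $candidate );
            if ( $name !== null && cve_2022_0834_is_suspicious( $name ) ) {
                $hits[] = $line;
                break;
            }
        }
    }
    return $hits;
}

// Constructed sample lines (not real traffic): a benign booking, a
// percent-encoded <script> tag, a double-encoded <img onerror> tag, and
// an unrelated page view.
$cve_2022_0834_sample = array(
    '203.0.113.10 POST /wp-admin/admin-ajax.php?action=wpamelia_api&call=/bookings firstName=Ana&lastName=Smith',
    '203.0.113.11 POST /wp-admin/admin-ajax.php?action=wpamelia_api&call=/bookings firstName=Ana&lastName=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
    '203.0.113.12 POST /wp-admin/admin-ajax.php?action=wpamelia_api&call=/bookings lastName=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E',
    '203.0.113.13 GET /booking/?service=consultation',
);

foreach ( cve_2022_0834_scan_lines( $cve_2022_0834_sample ) as $hit ) {
    echo "SUSPICIOUS: {$hit}\n";
}
```

Run it with php on the command line. The benign booking and the page view produce nothing; the two encoded payloads are reported because the match is made on the decoded value, which is the property the literal SIEM query lacks. The same decode-then-match order is what to reproduce in the SIEM itself, with a decoding step before the string comparison.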
