Sensitive Data Disclosure in WordPress Plugin Amelia < 1.0.49

[utterances-bot]

Sensitive Data Disclosure in WordPress Plugin Amelia < 1.0.49

Amelia is a WordPress plugin for booking systems developed by TNS. With 40,000+ active installations, it has been used for the clinic, hair salon, tutor, and so on.In March, we studied the source code of Amelia and found three vulnerabilities in the end

https://tech-blog.cymetrics.io/en/posts/huli/amelia-wordpress-plugin-sensitive-data-exposure-detail/

[lananas1]

Thank you so much for this post.
It's so helpful! I still don't get how to include authorization to a POST API call though, is this with nonce? I'm getting permission issues. Do you have an example of how to use the API to book an appointment slot?
Thanks again