CVE-2022-0616: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-0616 affects the WordPress plugin Amelia versions below 1.0.46. It was discovered and publicly disclosed on February 23, 2022, by security researcher Muhamad Hidayat. The vulnerability is a Cross-Site Request Forgery (CSRF) issue that allows arbitrary customer deletion in the Amelia booking plugin (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) with a CVSS score of 5.4 (medium severity). The technical issue stems from the plugin's lack of CSRF checks when deleting customers, which could enable attackers to trick logged-in administrators into deleting arbitrary customers through a CSRF attack. The vulnerability is categorized under CWE-352 and falls under the OWASP Top 10 category A2: Broken Authentication and Session Management (WPScan).

The exploitation of this vulnerability could result in unauthorized deletion of customer records from the Amelia booking system when a logged-in administrator unknowingly triggers the malicious CSRF payload (WPScan).

The vulnerability has been fixed in Amelia version 1.0.46. Users are advised to update their Amelia plugin to this version or later to mitigate the risk (WPScan, Trustwave).