Vulnerabilidades en ameliabooking

19 resultados

CVE-2026-5465HIGHAmelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' ParameterEPSS 0.6%CVE-2023-6808MEDIUMBooking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcodeEPSS 0.5%CVE-2022-0834HIGHAmelia <= 1.0.46 - Stored Cross Site Scripting via lastNameEPSS 0.5%CVE-2024-1484MEDIUMBooking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site ScriptingEPSS 0.5%CVE-2026-6449MEDIUMBooking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval EndpointEPSS 0.5%CVE-2024-6552MEDIUMBooking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path DisclosureEPSS 0.4%CVE-2025-26965MEDIUMWordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2026-2931HIGHAmelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password ChangeEPSS 0.4%CVE-2026-4668MEDIUMAmelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' ParameterEPSS 0.4%CVE-2024-6332MEDIUMBooking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information ExposureEPSS 0.4%CVE-2025-2578MEDIUMBooking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path DisclosureEPSS 0.3%CVE-2026-24963HIGHWordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerabilityEPSS 0.3%CVE-2025-12482HIGHBooking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via searchEPSS 0.3%CVE-2025-14720MEDIUMBooking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX ActionsEPSS 0.3%CVE-2026-39487HIGHWordPress Amelia plugin <= 2.1.1 - SQL Injection vulnerabilityEPSS 0.3%CVE-2024-6225MEDIUMAmelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-11754MEDIUMBooking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-24967MEDIUMWordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2025-58213MEDIUMWordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) VulnerabilityEPSS 0.2%