Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2022-0834

🗓️ 23 Mar 2022 19:46:49Reported by WordfenceType 
cve
 cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

The Amelia WordPress plugin allows Cross-Site Scripting via the lastName parameter in ~/src/Application/Controller/User/Customer/AddCustomerController.php. Versions up to 1.0.46 are affected

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
CNNVD		WordPress plugin Amelia 跨站脚本漏洞
23 Mar 202200:00
cnnvd
CNVD		WordPress Amelia Plugin Cross-Site Scripting Vulnerability
25 Mar 202200:00
cnvd
Cvelist		CVE-2022-0834 Amelia <= 1.0.46 - Stored Cross Site Scripting via lastName
23 Mar 202219:46
cvelist
EUVD		EUVD-2022-15880
3 Oct 202520:07
euvd
NVD		CVE-2022-0834
23 Mar 202220:15
nvd
OSV		CVE-2022-0834
23 Mar 202220:15
osv
Patchstack		WordPress Amelia plugin <= 1.0.46 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
2 Mar 202200:00
patchstack
Prion		Cross site scripting
23 Mar 202220:15
prion
Positive Technologies		PT-2022-13458 · WordPress · Amelia
23 Mar 202200:00
ptsecurity
RedhatCVE		CVE-2022-0834
9 Jan 202608:41
redhatcve
Rows per page
NVD
Vulners
Node
wpameliaameliaRange1.0.46wordpress
[
  {
    "vendor": "ameliabooking",
    "product": "Booking for Appointments and Events Calendar – Amelia",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.46",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
ParameterPositionPathDescriptionCWE
lastNamerequest body/src/Application/Controller/User/Customer/AddCustomerController.phpCross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter in AddCustomerController allowing arbitrary scripts to be injected via the booking calendar page.CWE-79

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Apr 2026 18:17Current
5.2Medium risk
Vulners AI Score5.2
CVSS 23.5
CVSS 3.15.4 - 7.2
EPSS0.00171
SSVC
CWE-79
ameliawordpressplugincross-site scriptinglastname parameteraddcustomercontroller.phpvulnerabilitynvdcve-2022-0834
65