CVE-2026-5465

🗓️ 07 Apr 2026 06:43:41Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 22 Views🌐 WEB

CVE-2026-5465: Amelia <=2.1.3 allows provider users to escalate privileges via externalId when updating their profile.

Reporter	Title	Published	Views	Family All 11
GithubExploit	Exploit for CVE-2026-5465	7 Apr 202613:59	–	githubexploit
ATTACKERKB	CVE-2026-5465	7 Apr 202606:43	–	attackerkb
Circl	CVE-2026-5465	7 Apr 202608:01	–	circl
CNNVD	WordPress plugin Booking for Appointments and Events Calendar – Amelia 安全漏洞	7 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter	7 Apr 202606:43	–	cvelist
EUVD	EUVD-2026-19580	7 Apr 202609:31	–	euvd
NVD	CVE-2026-5465	7 Apr 202607:16	–	nvd
Patchstack	WordPress Amelia plugin <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability	7 Apr 202603:48	–	patchstack
Positive Technologies	PT-2026-30799	7 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5465	8 Apr 202619:34	–	redhatcve

Vulners

Node

ameliabooking booking_for_appointments_and_events_calendar_ameliaRange≤2.1.3wordpress

[
  {
    "vendor": "ameliabooking",
    "product": "Booking for Appointments and Events Calendar – Amelia",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.1.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3499608/ameliabooking/trunk/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php
plugins	www.plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a4204099-1065-4167-8b42-3da25945236c
plugins	www.plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php
plugins	www.plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Controller/User/Provider/UpdateProviderController.php
plugins	www.plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php

Parameter	Position	Path	Description	CWE
externalId	request body	wp-json/amelia/v1/providers/1	IDOR vulnerability allowing a Provider to change another user (admin) password by submitting an arbitrary externalId in the provider update request.	CWE-639
password	request body	wp-json/amelia/v1/providers/1	IDOR vulnerability allowing a Provider to change another user (admin) password by submitting an arbitrary externalId in the provider update request.	CWE-639
email	request body	wp-json/amelia/v1/providers/1	IDOR vulnerability allowing a Provider to change another user (admin) password by submitting an arbitrary externalId in the provider update request.	CWE-639
firstName	request body	wp-json/amelia/v1/providers/1	IDOR vulnerability allowing a Provider to change another user (admin) password by submitting an arbitrary externalId in the provider update request.	CWE-639
lastName	request body	wp-json/amelia/v1/providers/1	IDOR vulnerability allowing a Provider to change another user (admin) password by submitting an arbitrary externalId in the provider update request.	CWE-639

17 Jun 2026 10:59Current

6Medium risk

Vulners AI Score6

CVSS 3.18.8

EPSS0.00632

SSVC

CWE-639