2 matches found
Exploit for CVE-2026-5465
CVE-2026-5465: Privilege Escalation en Plugin Amelia WordPress...
CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...