154 matches found
CVE-2026-48889
The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-40795 WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Amelia = 2.2 versions...
CVE-2026-40795 WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Amelia = 2.2 versions...
CVE-2026-40795
The CVE-2026-40795 entry documents a Broken Access Control issue in the WordPress Amelia plugin, affecting versions <= 2.2. The vulnerability targets subscriber access rights, with the CVSS 3.1 base score of 6.5 (Medium), indicating potential high impact on integrity (I) and no confidentiality...
CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...
CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...
CVE-2026-6449
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
EUVD-2026-26758
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449 Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449 Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449
The CVE-2026-6449 entry concerns the Booking for Appointments and Events Calendar – Amelia WordPress plugin, vulnerable in all versions up to 2.1.2. The flaw is an improper authorization flow caused by a logical short-circuit in the authorization logic that skips token validation when a booking h...
WordPress plugin Booking for Appointments and Events Calendar – Amelia 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Booking for Appointments and Events Calendar – Amelia plugin <= 2.1.2 - Unauthenticated Authorization Bypass vulnerability
Unauthenticated Authorization Bypass vulnerability discovered by awhacken in WordPress Plugin Amelia versions = 2.1.2...
WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Niv Kochan in WordPress Plugin Amelia versions = 2.2...
WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Weerawat Pawanawiwat ErbaZZ in WordPress Plugin Amelia versions = 2.2...
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...