157 matches found
CVE-2026-57702 WordPress Amelia plugin <= 2.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Melograno Venture Studio Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.4.2...
CVE-2026-57702
The WordPress Amelia plugin (Amelia ameliabooking)
WordPress Amelia plugin <= 2.4.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Amelia versions = 2.4.2...
CVE-2026-48889
The CVE-2026-48889 entry concerns the WordPress Amelia plugin (versions <= 2.3) with a privilege escalation vulnerability affecting subscribers. The attached metrics indicate a high severity (CVSS v3.1 base score 8.8) with network attack vector, low attack complexity, and privileges required a...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-48889 WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in Amelia = 2.3 versions...
CVE-2026-40795 WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Amelia = 2.2 versions...
CVE-2026-40795 WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability
Subscriber Broken Access Control in Amelia = 2.2 versions...
CVE-2026-40795
The CVE-2026-40795 entry documents a Broken Access Control issue in the WordPress Amelia plugin, affecting versions <= 2.2. The vulnerability targets subscriber access rights, with the CVSS 3.1 base score of 6.5 (Medium), indicating potential high impact on integrity (I) and no confidentiality...
CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...
CVE-2026-40789 WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Amelia = 2.2 versions...
CVE-2026-6449
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449 Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449
The CVE-2026-6449 entry concerns the Booking for Appointments and Events Calendar – Amelia WordPress plugin, vulnerable in all versions up to 2.1.2. The flaw is an improper authorization flow caused by a logical short-circuit in the authorization logic that skips token validation when a booking h...
CVE-2026-6449 Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
CVE-2026-6449
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
EUVD-2026-26758
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely skipped when a booking...
WordPress plugin Booking for Appointments and Events Calendar – Amelia 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Booking for Appointments and Events Calendar – Amelia plugin <= 2.1.2 - Unauthenticated Authorization Bypass vulnerability
Unauthenticated Authorization Bypass vulnerability discovered by awhacken in WordPress Plugin Amelia versions = 2.1.2...