2 matches found
CVE-2024-6225 Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 and 7.5.1 for the Pro version due to insufficient input sanitization and output escaping. This makes it possib...
WordPress Amelia Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Amelia Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-6225 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d613d3e00ad Credits Vinay Kumar Required privilege Administrator...