3 matches found
CVE-2024-6332 Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it...
CVE-2024-6332
The CVE-2024-6332 entry for Amelia Premium (<=7.7) and Amelia Lite (<=1.2.3) is supported by connected sources indicating a missing capability check in ameliaButtonCommand that allows unauthenticated access to employee calendar details; in the Premium version this also exposes Google Calend...
WordPress Amelia Plugin <= 1.2.4 is vulnerable to Broken Access Control
Software Amelia Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-6332 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 338114c15946 Credits Nadim Zubidat Required privilege...