Medium severity5.3NVD Advisory· Published Jan 9, 2026· Updated Apr 15, 2026
CVE-2025-14720
CVE-2025-14720
Description
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as refunded, trigger sending of queued notifications (emails/SMS/WhatsApp), and access debug information among other things.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.2.38
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.