CVE-2026-40795

Vulnerability

A broken access control vulnerability exists in the Amelia plugin for WordPress versions 2.2 and earlier [1]. The issue arises from missing authorization, authentication, or nonce token checks in certain functions, allowing unprivileged users to execute actions intended for higher-privileged roles [1].

Exploitation

An attacker needs only a subscriber-level account on a WordPress site running the vulnerable plugin [1]. No additional authentication or special network position is required beyond being a logged-in subscriber. The attacker can send crafted requests to trigger the missing access control checks in plugin functions [1].

Impact

Successful exploitation allows an unprivileged subscriber to perform actions reserved for higher-privileged users, such as modifying booking data or accessing restricted information [1]. This can lead to unauthorized data disclosure or alteration, compromising the confidentiality and integrity of the affected site [1].

Mitigation

The vulnerability is fixed in version 2.2.1 of the Amelia plugin [1]. Users should update to 2.2.1 or later immediately. If unable to update, users can ask their hosting provider or web developer for assistance, or use the Patchstack mitigation rule to block attacks until patched [1].