VYPR

Ameliabooking

by WordPress

Source repositories

CVEs (10)

  • CVE-2026-2931HigMar 26, 2026
    risk 0.57cvss 8.8epss 0.00

    The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes…

  • CVE-2026-5465HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field…

  • CVE-2026-39487HigApr 8, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through <= 2.1.1.

  • CVE-2026-4668MedApr 1, 2026
    risk 0.35cvss 6.5epss 0.00

    The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied `sort`…

  • CVE-2024-31425MedApr 15, 2024
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This issue affects Amelia: from n/a through 1.0.95.

  • CVE-2026-6449MedMay 2, 2026
    risk 0.34cvss 5.3epss 0.00

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2.1.2. This is due to a logical short-circuit flaw in authorization logic that causes token validation to be entirely…

  • CVE-2026-24967MedFeb 3, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38.

  • CVE-2025-26965MedFeb 25, 2025
    risk 0.34cvss 5.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.16.

  • CVE-2025-14720MedJan 9, 2026
    risk 0.27cvss 5.3epss 0.00

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to…

  • CVE-2025-2578MedMar 28, 2025
    risk 0.27cvss 5.3epss 0.00

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full…