VYPR

Appointment And Event Booking Calendar For WordPress Amelia

by TMS Outsource

CVEs (6)

  • CVE-2026-5465 · High · Apr 7, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field…

  • CVE-2023-29427 · High · Jun 26, 2023
    risk 0.46 · cvss 7.1 · epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.

  • CVE-2025-12482 · High · Nov 16, 2025
    risk 0.42 · cvss 7.5 · epss 0.00

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2023-27918 · Medium · May 10, 2023
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed…

  • CVE-2026-4668 · Medium · Apr 1, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied `sort`…

  • CVE-2025-14720 · Medium · Jan 9, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to…