浏览 27+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39487 | WordPress Amelia plugin <= 2.1.1 - SQL Injection vulnerability | ameliabooking | Amelia | - | - | 2026-04-08 08:30:12 | Deep Dive |
| CVE-2026-5465 | Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 8.8 | 2026-04-07 06:43:41 | Deep Dive |
| CVE-2026-4668 | Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2026-03-31 23:25:47 | Deep Dive |
| CVE-2026-2931 | Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 8.8 | 2026-03-26 03:37:28 | Deep Dive |
| CVE-2026-24963 | WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability | ameliabooking | Amelia | High | 7.2 | 2026-03-05 05:53:50 | Deep Dive |
| CVE-2026-24967 | WordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerability | ameliabooking | Amelia | Medium | 5.3 | 2026-02-03 14:08:36 | Deep Dive |
| CVE-2025-14720 | Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2026-01-09 06:34:54 | Deep Dive |
| CVE-2025-12482 | Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 7.5 | 2025-11-16 04:17:30 | Deep Dive |
| CVE-2025-2578 | Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2025-03-28 07:33:04 | Deep Dive |
| CVE-2025-26965 | WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability | ameliabooking | Amelia | 中危 | - | 2025-02-25 14:17:58 | Deep Dive |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2024-09-05 09:29:49 | Deep Dive |
| CVE-2024-6552 | Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2024-08-08 03:30:46 | Deep Dive |
| CVE-2024-6225 | Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 4.4 | 2024-06-21 07:39:57 | Deep Dive |
| CVE-2024-22298 | WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability | TMS | Amelia | Medium | 5.3 | 2024-06-10 08:06:40 | Deep Dive |
| CVE-2024-31425 | WordPress Amelia plugin <= 1.0.95 - Cross Site Request Forgery (CSRF) vulnerability | TMS | Amelia | Medium | 5.4 | 2024-04-15 10:05:45 | Deep Dive |
| CVE-2024-1484 | Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.1 | 2024-03-13 15:26:45 | Deep Dive |
| CVE-2023-6808 | Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2023-50860 | WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS) | TMS | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2023-12-28 10:14:11 | Deep Dive |
| CVE-2023-29427 | WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS) | TMS | Booking for Appointments and Events Calendar – Amelia | High | 7.1 | 2023-06-26 08:32:56 | Deep Dive |
| CVE-2023-27918 | WordPress plugin Appointment and Event Booking Calendar for WordPress 跨站脚本漏洞 | TMS | Appointment and Event Booking Calendar for WordPress - Amelia | 中危 | - | 2023-05-10 00:00:00 | Deep Dive |