Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Booking for Appointments and Events Calendar – Amelia — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Booking for Appointments and Events Calendar – Amelia, with AI-generated Chinese analysis, references, and POCs.

Vendor: ameliabooking

CVE IDTitleCVSSSeverityPublished
CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter CWE-639 8.8 High2026-04-07
CVE-2026-4668 Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter CWE-89 6.5 Medium2026-03-31
CVE-2026-2931 Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change CWE-269 8.8 High2026-03-26
CVE-2025-14720 Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions CWE-862 5.3 Medium2026-01-09
CVE-2025-12482 Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search CWE-89 7.5 High2025-11-16
CVE-2025-2578 Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure CWE-200 5.3 Medium2025-03-28
CVE-2024-6332 Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure CWE-862 6.5 Medium2024-09-05
CVE-2024-6552 Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure CWE-200 5.3 Medium2024-08-08
CVE-2024-6225 Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting CWE-79 4.4 Medium2024-06-21
CVE-2024-1484 Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-03-13
CVE-2023-6808 Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode CWE-79 6.4 Medium2024-02-05
CVE-2023-50860 WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS) CWE-79 6.5 Medium2023-12-28
CVE-2023-29427 WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-06-26
CVE-2022-0834 Amelia <= 1.0.46 - Stored Cross Site Scripting via lastName CWE-79 7.2 High2022-03-23

All 14 known CVE vulnerabilities affecting Booking for Appointments and Events Calendar – Amelia with full Chinese analysis, references, and POCs where available.