Booking for Appointments and Events Calendar – Amelia Vulnerabilities

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes i...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.38. This makes it possible for authenticated attackers, with employee-level access and above, to elevate their privileges...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to perform an una...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 1.2.18 to 1.2.36 via the 'phpinfo' function. This makes it possible for unauthenticated attackers to extract sensitive data including server...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 1.2.35 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full pa...

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.16 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers t...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test files. This makes it possible for...

The Amelia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.95. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a f...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible f...

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attri...