Ameliabooking Booking For Appointments And Events Calendar – Amelia
13 CVEs affecting Ameliabooking Booking For Appointments And Events Calendar – Amelia. Latest disclosed: 2026-05-02. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-5465 | High | 8.8 | 2026-04-07 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and inc… |
CVE-2026-2931 | High | 8.8 | 2026-03-26 | The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin p… |
CVE-2025-12482 | High | 7.5 | 2025-11-16 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to… |
CVE-2022-0834 | High | 7.2 | 2022-03-23 | The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the lastName parameter found in the ~/src/Ap… |
CVE-2026-4668 | Medium | 6.5 | 2026-03-31 | The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing… |
CVE-2024-6332 | Medium | 6.5 | 2024-09-05 | The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing… |
CVE-2023-6808 | Medium | 6.4 | 2024-02-05 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in al… |
CVE-2024-1484 | Medium | 6.1 | 2024-03-13 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all v… |
CVE-2026-6449 | Medium | 5.3 | 2026-05-02 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 2… |
CVE-2025-14720 | Medium | 5.3 | 2026-01-09 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multipl… |
CVE-2025-2578 | Medium | 5.3 | 2025-03-28 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including… |
CVE-2024-6552 | Medium | 5.3 | 2024-08-08 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2… |
CVE-2024-6225 | Medium | 4.4 | 2024-06-21 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions… |