Booking for Appointments and Events Calendar – Amelia

Information

Software Type: Plugin
Software Slug: ameliabooking (view on wordpress.org)
Software Status: Active
Software Author: melograno
Software Website: wpamelia.com
Software Downloads: 1,441,613
Software Active Installs: 90,000
Software Record Last Updated: June 18, 2026

Showing 1-20 of 29 Vulnerabilities

| Title | Status | CVE ID | CVSS | Researchers | Date |
| --- | --- | --- | --- | --- | --- |
| Booking for Appointments and Events Calendar – Amelia <= 2.3 - Authenticated (Subscriber+) Privilege Escalation | Patched | CVE-2026-48889 | 8.8 | dodoh4t | June 2, 2026 |
| Booking for Appointments and Events Calendar – Amelia <= 2.2.1 - Unauthenticated Authorization Bypass via Remote Approval Endpoint | Patched | CVE-2026-6449 | 5.3 | awhacken | May 1, 2026 |
| Booking for Appointments and Events Calendar – Amelia <= 2.2 - Missing Authorization | Patched | CVE-2026-40795 | 4.3 | Niv Kochan | April 28, 2026 |
| Booking for Appointments and Events Calendar – Amelia <= 2.2 - Unauthenticated Information Exposure | Patched | CVE-2026-40789 | 5.3 | Weerawat Pawanawiwat (ErbaZZ) | April 23, 2026 |
| Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter | Patched | CVE-2026-5465 | 8.8 | Osvaldo Noe Gonzalez Del Rio (Os) | April 6, 2026 |
| Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter | Patched | CVE-2026-4668 | 6.5 | Michael Perla (vizen5) | March 31, 2026 |
| Amelia Booking 8.3 - 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change | Patched | CVE-2026-2931 | 8.8 | Hunter Jensen (skid) | March 25, 2026 |
| Amelia <= 2.1.1 - Authenticated (Custom role+) SQL Injection | Patched | CVE-2026-39487 | 6.5 | daroo | March 25, 2026 |
| Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Authenticated (Employee+) Privilege Escalation | Patched | CVE-2026-24963 | 8.8 | daroo | March 4, 2026 |
| Amelia <= 1.2.38 - Missing Authorization | Patched | CVE-2026-24967 | 5.3 | Bao - BlueRock | January 11, 2026 |
| Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions | Patched | CVE-2025-14720 | 5.3 | type5afe | January 8, 2026 |
| Amelia 1.2.18 - 1.2.36 - Unauthenticated Sensitive Information Exposure | Patched | CVE-2023-49282 | 5.3 | Dmitrii Ignatyev | November 18, 2025 |
| Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search | Patched | CVE-2025-12482 | 7.5 | YC_Infosec | November 15, 2025 |
| Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure | Patched | CVE-2024-6332 | 6.5 | Nadim Zubidat | September 4, 2024 |
| Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure | Patched | CVE-2024-6552 | 5.3 | stealthcopter | August 7, 2024 |
| Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | Patched | CVE-2024-6225 | 4.4 | Vinay Kumar | June 20, 2024 |
| Amelia <= 1.0.95 - Cross-Site Request Forgery | Patched | CVE-2024-31425 | 4.3 | beluga | April 10, 2024 |
| Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting | Patched | CVE-2024-1484 | 6.1 | Muhammad Hassham Nagori | February 29, 2024 |
| Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | Patched | CVE-2023-6808 | 6.4 | Ngô Thiên An (ancorn_) | January 18, 2024 |
| Amelia <= 1.0.98 - Missing Authorization | Patched | CVE-2024-22298 | 6.5 | Abdi Pranata | January 17, 2024 |
