Tmsproducts Amelia vulnerabilities
2 known vulnerabilities affecting tmsproducts/amelia.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-6332P3MEDIUMCVSS 6.5≤ 1.2.3≤ 7.72024-09-05
CVE-2024-6332 [MEDIUM] CWE-862 CVE-2024-6332: The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it possible for unauthenticated attackers to access employee
nvd
CVE-2024-1484P4MEDIUMCVSS 6.1fixed in 1.0.992024-03-13
CVE-2024-1484 [MEDIUM] CWE-79 CVE-2024-1484: The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Refl
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that
nvd