Amelia
ameliabooking
Developer
2.1.3
Latest version
90,000
Installations
No date
Last updated
Vulnerability history
0 present
26 patched
11 Mitigation rules
- Authenticated (Manager+) SQL Injection via 'sort' Parameter vulnerability<= 2.1.21 day ago
- Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability<= 9.1.26 days ago
- Privilege Escalation vulnerability<= 1.2.3804/03/2026
- Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability<= 1.2.3830/01/2026
- Broken Access Control vulnerability<= 1.2.3811/01/2026
- WordPress Amelia plugin - 1.2.18-1.2.36 - Unauthenticated Sensitive Information Exposure vulnerability1.2.18-1.2.3618/11/2025
- Unauthenticated SQL Injection via search vulnerability<= 1.2.3517/11/2025
- Unauthenticated Full Path Disclosure vulnerability<= 1.2.1927/03/2025
- Insecure Direct Object References (IDOR) vulnerability<= 1.2.1623/02/2025
- Missing Authorization to Sensitive Information Exposure vulnerability<= 1.2.405/09/2024
- Unauthenticated Full Path Disclosure vulnerability<= 1.208/08/2024
- Malicious Polyfill.io Embed vulnerability<= 1.1.803/07/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 1.1.520/06/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 1.0.9510/04/2024
- Reflected Cross-Site Scripting vulnerability<= 1.0.9801/03/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode vulnerability<= 1.0.9319/01/2024
- Broken Access Control vulnerability<= 1.0.9817/01/2024
- Cross Site Scripting (XSS) vulnerability<= 1.0.8522/12/2023
- Cross Site Scripting (XSS) vulnerability<= 1.0.7506/04/2023
- SMS Service Abuse and Sensitive Data Disclosure vulnerability<= 1.0.4714/03/2022
- Arbitrary Appointments Status Update vulnerability<= 1.0.4814/03/2022
- Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability<= 1.0.4602/03/2022
- Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability<= 1.0.4601/03/2022
- Remote Code Execution (RCE) vulnerability<= 1.0.4523/02/2022
- Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability<= 1.0.4523/02/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.0.4523/02/2022