Amelia
Melograno Venture Studio
Developer
2.4.1
Latest version
90,000
Installations
No date
Last updated
Vulnerability history
0 present
32 patched
13 Mitigation rules
- Privilege Escalation vulnerability<= 2.32 days ago
- Unauthenticated Authorization Bypass vulnerability<= 2.1.201/05/2026
- Broken Access Control vulnerability<= 2.228/04/2026
- Sensitive Data Exposure vulnerability<= 2.223/04/2026
- Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability<= 2.1.307/04/2026
- Authenticated (Manager+) SQL Injection via 'sort' Parameter vulnerability<= 2.1.201/04/2026
- Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change vulnerability<= 9.1.227/03/2026
- SQL Injection vulnerability<= 2.1.125/03/2026
- Privilege Escalation vulnerability<= 1.2.3804/03/2026
- Missing Authorization to Unauthenticated Multiple AJAX Actions vulnerability<= 1.2.3830/01/2026
- Broken Access Control vulnerability<= 1.2.3811/01/2026
- WordPress Amelia plugin - 1.2.18-1.2.36 - Unauthenticated Sensitive Information Exposure vulnerability1.2.18-1.2.3618/11/2025
- Unauthenticated SQL Injection via search vulnerability<= 1.2.3517/11/2025
- Unauthenticated Full Path Disclosure vulnerability<= 1.2.1927/03/2025
- Insecure Direct Object References (IDOR) vulnerability<= 1.2.1623/02/2025
- Missing Authorization to Sensitive Information Exposure vulnerability<= 1.2.405/09/2024
- Unauthenticated Full Path Disclosure vulnerability<= 1.208/08/2024
- Malicious Polyfill.io Embed vulnerability<= 1.1.803/07/2024
- Authenticated Stored Cross-Site Scripting vulnerability<= 1.1.520/06/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 1.0.9510/04/2024
- Reflected Cross-Site Scripting vulnerability<= 1.0.9801/03/2024
- Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode vulnerability<= 1.0.9319/01/2024
- Broken Access Control vulnerability<= 1.0.9817/01/2024
- Cross Site Scripting (XSS) vulnerability<= 1.0.8522/12/2023
- Cross Site Scripting (XSS) vulnerability<= 1.0.7506/04/2023
- SMS Service Abuse and Sensitive Data Disclosure vulnerability<= 1.0.4714/03/2022
- Arbitrary Appointments Status Update vulnerability<= 1.0.4814/03/2022
- Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability<= 1.0.4602/03/2022
- Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability<= 1.0.4601/03/2022
- Remote Code Execution (RCE) vulnerability<= 1.0.4523/02/2022
- Arbitrary Customer Deletion via Cross-Site Request Forgery (CSRF) vulnerability<= 1.0.4523/02/2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 1.0.4523/02/2022