Tms-outsource

Amelia

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-6552

  • EPSS 0.56%
  • Veröffentlicht 08.08.2024 04:17:08
  • Zuletzt bearbeitet 08.08.2024 13:04:18

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2. This is due to the plugin utilizing Symfony and leaving display_errors on within test file...

4.8

CVE-2024-6225

  • EPSS 0.31%
  • Veröffentlicht 21.06.2024 08:15:10
  • Zuletzt bearbeitet 21.11.2024 09:49:14

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanit...

9.8

CVE-2024-22298

  • EPSS 0.52%
  • Veröffentlicht 10.06.2024 08:15:48
  • Zuletzt bearbeitet 20.03.2025 15:39:01

Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.

5.4

CVE-2023-6808

  • EPSS 0.26%
  • Veröffentlicht 05.02.2024 22:15:56
  • Zuletzt bearbeitet 21.11.2024 08:44:35

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output e...

5.4

CVE-2023-50860

  • EPSS 0.08%
  • Veröffentlicht 28.12.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:37:25

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia...

6.1

CVE-2023-29427

  • EPSS 0.08%
  • Veröffentlicht 26.06.2023 09:15:09
  • Zuletzt bearbeitet 21.11.2024 07:57:02

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.

6.1

CVE-2023-27918

  • EPSS 0.26%
  • Veröffentlicht 10.05.2023 06:15:14
  • Zuletzt bearbeitet 27.01.2025 21:15:10

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where...

5.5

CVE-2022-0825

Exploit
  • EPSS 0.19%
  • Veröffentlicht 04.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:28

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and p...

5.5

CVE-2022-0837

Exploit
  • EPSS 0.21%
  • Veröffentlicht 04.04.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:29

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, acco...

5.5

CVE-2022-0720

Exploit
  • EPSS 0.13%
  • Veröffentlicht 28.03.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:15

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone nu...