Vulmon
tms-outsource amelia vulnerabilities and exploits
NA
CVE-2023-50860
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS. This issue affects Booking for Appointments and Events Calendar – Amelia: from n...
Tms-outsource Amelia
4.3
CVSSv2
CVE-2022-0616
The Amelia WordPress plugin prior to 1.0.47 does not have CSRF check in place when deleting customers, which could allow malicious users to make a logged in admin delete arbitrary customers via a CSRF attack
Tms-outsource Amelia
6.5
CVSSv2
CVE-2022-0687
The Amelia WordPress plugin prior to 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager"...
Tms-outsource Amelia
5.5
CVSSv2
CVE-2022-0720
The Amelia WordPress plugin prior to 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who ...
Tms-outsource Amelia
NA
CVE-2023-27918
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions before 1.0.76 allows a remote unauthenticated malicious user to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed ...
Tms-outsource Amelia
4.3
CVSSv2
CVE-2022-0627
The Amelia WordPress plugin prior to 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Tms-outsource Amelia
5.5
CVSSv2
CVE-2022-0837
The Amelia WordPress plugin prior to 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment hist...
Tms-outsource Amelia
NA
CVE-2023-29427
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.
Tms-outsource Amelia
NA
CVE-2023-6808
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user sup...
Tms-outsource Amelia
5.5
CVSSv2
CVE-2022-0825
The Amelia WordPress plugin prior to 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the pers...
Tms-outsource Amelia