
ameliabooking — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting ameliabooking. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ameliabooking serves as a medical appointment scheduling platform, enabling healthcare providers to manage patient bookings and appointments. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with 19 CVEs documented to date. Notable security characteristics reveal consistent authentication and authorization flaws, often leading to unauthorized access or data exposure. While no major public incidents have been widely reported, the high CVE count suggests ongoing security challenges that require robust patch management and input validation to mitigate risks associated with web-based medical management systems.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6449 | Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint | Booking for Appointments and Events Calendar – Amelia | CWE-285 | 5.3 | Medium | 2026-05-02 |
| CVE-2026-39487 | WordPress Amelia plugin <= 2.1.1 - SQL Injection vulnerability | Amelia | CWE-89 | 7.6 | High | 2026-04-08 |
| CVE-2026-5465 | Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter | Booking for Appointments and Events Calendar – Amelia | CWE-639 | 8.8 | High | 2026-04-07 |
| CVE-2026-4668 | Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter | Booking for Appointments and Events Calendar – Amelia | CWE-89 | 6.5 | Medium | 2026-03-31 |
| CVE-2026-2931 | Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change | Booking for Appointments and Events Calendar – Amelia | CWE-269 | 8.8 | High | 2026-03-26 |
| CVE-2026-24963 | WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability | Amelia | CWE-266 | 7.2 | High | 2026-03-05 |
| CVE-2026-24967 | WordPress Amelia plugin <= 1.2.38 - Broken Access Control vulnerability | Amelia | CWE-862 | 5.3 | Medium | 2026-02-03 |
| CVE-2025-14720 | Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions | Booking for Appointments and Events Calendar – Amelia | CWE-862 | 5.3 | Medium | 2026-01-09 |
| CVE-2025-12482 | Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search | Booking for Appointments and Events Calendar – Amelia | CWE-89 | 7.5 | High | 2025-11-16 |
| CVE-2025-58213 | WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability | Booking System Trafft | CWE-79 | 6.5 | Medium | 2025-08-27 |
| CVE-2025-2578 | Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure | Booking for Appointments and Events Calendar – Amelia | CWE-200 | 5.3 | Medium | 2025-03-28 |
| CVE-2025-26965 | WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability | Amelia | CWE-639 | 5.3 | Medium | 2025-02-25 |
| CVE-2024-11754 | Booking System Trafft <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | Booking System Trafft | CWE-79 | 6.4 | Medium | 2024-12-13 |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure | Booking for Appointments and Events Calendar – Amelia | CWE-862 | 6.5 | Medium | 2024-09-05 |
| CVE-2024-6552 | Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure | Booking for Appointments and Events Calendar – Amelia | CWE-200 | 5.3 | Medium | 2024-08-08 |
| CVE-2024-6225 | Amelia <= 1.1.5 & Amelia (Pro) <= 7.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting | Booking for Appointments and Events Calendar – Amelia | CWE-79 | 4.4 | Medium | 2024-06-21 |
| CVE-2024-1484 | Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting | Booking for Appointments and Events Calendar – Amelia | CWE-79 | 6.1 | Medium | 2024-03-13 |
| CVE-2023-6808 | Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | Booking for Appointments and Events Calendar – Amelia | CWE-79 | 6.4 | Medium | 2024-02-05 |
| CVE-2022-0834 | Amelia <= 1.0.46 - Stored Cross Site Scripting via lastName | Booking for Appointments and Events Calendar – Amelia | CWE-79 | 7.2 | High | 2022-03-23 |

This page lists every published CVE security advisory associated with ameliabooking. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.