Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PR:H confirmed by wpamelia-manager role requirement; C:H reflects full DB read access; I:N and A:N because exploitation enables data extraction only.
Primary rating from Vendor (Wordfence).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionNVD
The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with wpamelia-manager role, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
AnalysisAI
SQL Injection in the Amelia booking plugin for WordPress (versions through 2.4.3) allows authenticated attackers holding the wpamelia-manager role to exfiltrate arbitrary data from the site's database via the Customer Import feature. The flaw stems from unsanitized user-supplied parameters passed into pre-existing SQL queries without adequate escaping or prepared statement usage, enabling stacked or appended query manipulation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to possess an authenticated WordPress session with the wpamelia-manager role specifically assigned - standard WordPress Administrator, Editor, or lower roles are not sufficient unless they have also been assigned this plugin-specific role. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.9 (Medium) is defensible and proportionate for this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or been granted a wpamelia-manager account on the target WordPress site navigates to the Customer Import functionality and submits a crafted CSV or import payload containing SQL metacharacters designed to append a secondary query (e.g., UNION SELECT or stacked query) to the existing database call in UserRepository.php. The injected query extracts targeted rows - such as WordPress user hashes, stored customer PII, or booking payment metadata - and returns the data in the import response or an error message. … |
| Remediation | Update the Amelia plugin to a version beyond 2.4.3 through the WordPress plugin dashboard or by downloading directly from the WordPress plugin repository. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45051