Amelia

1 CVEs product

Monthly

CVE-2026-39487 HIGH This Week

Blind SQL injection in Amelia WordPress plugin (ameliabooking) version 2.1.1 and earlier allows authenticated privileged users to extract database contents through improper input sanitization. The vulnerability requires high-privilege access (administrator-level) but permits cross-scope impact, enabling extraction of confidential data and potential service disruption. CVSS 7.6 severity reflects network-accessible attack vector with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

SQLi Amelia
NVD
CVSS 3.1: 7.6
EPSS: 0.0%