Skip to main content

Booking For Appointments And Events Calendar Amelia

1 CVEs product

Monthly

CVE-2026-14782 MEDIUM This Month

SQL Injection in the Amelia booking plugin for WordPress (versions through 2.4.3) allows authenticated attackers holding the wpamelia-manager role to exfiltrate arbitrary data from the site's database via the Customer Import feature. The flaw stems from unsanitized user-supplied parameters passed into pre-existing SQL queries without adequate escaping or prepared statement usage, enabling stacked or appended query manipulation. No public exploit code or active exploitation has been identified at the time of analysis, and the confidentiality-only impact (C:H/I:N/A:N) reflects read-level database access rather than modification or destruction capability.

WordPress SQLi Booking For Appointments And Events Calendar Amelia
NVD
CVSS 3.1
4.9
CVSS 4.9
MEDIUM This Month

SQL Injection in the Amelia booking plugin for WordPress (versions through 2.4.3) allows authenticated attackers holding the wpamelia-manager role to exfiltrate arbitrary data from the site's database via the Customer Import feature. The flaw stems from unsanitized user-supplied parameters passed into pre-existing SQL queries without adequate escaping or prepared statement usage, enabling stacked or appended query manipulation. No public exploit code or active exploitation has been identified at the time of analysis, and the confidentiality-only impact (C:H/I:N/A:N) reflects read-level database access rather than modification or destruction capability.

WordPress SQLi Booking For Appointments And Events Calendar Amelia
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy