Every CVE whose affected-product data names Tms-outsource Amelia, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2022-0687 — CVSS 8.8 (high): The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to…
CVE-2023-29427 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75…
CVE-2023-50860 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and…
CVE-2023-6808 — CVSS 6.4 (medium): The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2023-27918 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a…
CVE-2022-0627 — CVSS 6.1 (medium): The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page…
CVE-2022-0837 — CVSS 5.4 (medium): The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to…
CVE-2022-0720 — CVSS 5.4 (medium): The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update…
CVE-2022-0825 — CVSS 5.4 (medium): The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update…
CVE-2024-22298 — CVSS 5.3 (medium): Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.
CVE-2024-6225 — CVSS 4.4 (medium): The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin…
CVE-2022-0616 — CVSS 4.3 (medium): The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a…