Booking for Appointments and Events Calendar – Amelia

Vulnerabilities 32Slug ameliabookingLatest version 2.3WordPress.org →

Minimum safe version

9.2

Update to 9.2 or later to address 32 fixable vulnerabilities

Latest available2.3
N/A
2026-04-28< 2.2.1

Booking for Appointments and Events Calendar – Amelia <= 2.2 - Missing Authorization

WordfenceCVE
N/A
2026-04-23< 2.2.1

Booking for Appointments and Events Calendar – Amelia <= 2.2 - Unauthenticated Information Exposure

WordfenceCVE
Medium 5.4
2025-11-18< 1.2.37

Amelia 1.2.18 - 1.2.36 - Unauthenticated Sensitive Information Exposure

WordfenceCVE
N/A
2026-03-25< 9.2

Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change

WordfenceCVE
N/A
2026-04-06< 2.2

Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter

WordfenceCVE
N/A
2026-03-31< 2.1.3

Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter

WordfenceCVE
Medium 5.3
2025-03-28< 1.2.20

Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure

EUVDWordfenceCVE
N/A
2024-07-03< 1.1.9

WordPress Amelia Plugin <= 1.1.8 is vulnerable to Backdoor

Patchstack