vulnerability

WordPress Plugin: amelia: CVE-2024-6332: Missing Authorization

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	Sep 4, 2024	Jan 28, 2026	Jan 28, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

Sep 4, 2024

Added

Jan 28, 2026

Modified

Jan 28, 2026

Description

The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.4. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version.

Solution

amelia-plugin-cve-2024-6332

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-6332
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac1e3ee-4dcc-4f45-ad07-17af750da3d1?source=api-prod
CVE-2024-6332
https://attackerkb.com/topics/CVE-2024-6332
CWE-862

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today