cleantalk
Vulnerabilities and Security Researches

Booking for Appointments and Events Calendar – Amelia, CVE-2022-0687

CVE, Research URL

CVE-2022-0687

Home page URL

Security reports for Booking for Appointments and Events Calendar – Amelia

Application

Booking for Appointments and Events Calendar – Amelia

Published on
Mar 22, 2022
Research Description
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.
Affected versions
Min -, max 1.0.47.
Status
vulnerable
Previous vulnerability researches
Booking for Appointments and Events Calendar – Amelia (CVE-2024-22298) , Jun 10, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2024-6225) , Jun 22, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0616) , Jun 07, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0687) , Jun 07, 2024
Booking for Appointments and Events Calendar – Amelia (CVE-2022-0720) , Jun 07, 2024
New vulnerability
Big Boom Directory (CVE-2024-13673) , Apr 04, 2025
LuckyWP Table of Contents (CVE-2025-2299) , Apr 04, 2025
Customizable WordPress Gallery Plugin – Modula Image Gallery (CVE-2024-9416) , Apr 04, 2025
Contact Form vCard Generator (CVE-2025-31582) , Apr 04, 2025
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-1663) , Apr 04, 2025