cleantalk
Vulnerabilities and Security Researches

Booking for Appointments and Events Calendar – Amelia, CVE-2025-2578

CVE, Research URL

CVE-2025-2578

Home page URL

Security reports for Booking for Appointments and Events Calendar – Amelia

Application

Booking for Appointments and Events Calendar – Amelia

Published on
Mar 28, 2025
Research Description
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.2.19 via the 'wpAmeliaApiCall' function. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions
Min -, max 1.2.20.
Status
vulnerable
Previous vulnerability researches
WP Simple Slideshow (CVE-2025-26576) , Mar 16, 2025
New vulnerability
Lightweight and Responsive Youtube Embed (CVE-2025-31743) , Apr 03, 2025
Lightweight and Responsive Youtube Embed (CVE-2025-31744) , Apr 03, 2025
WP Profitshare (CVE-2025-31906) , Apr 03, 2025
Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As (CVE-2025-30834) , Apr 03, 2025
Job Board Manager (CVE-2025-31862) , Apr 03, 2025