Vulnerabilities > TMS Outsource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2024-6225 | Cross-site Scripting vulnerability in Tms-Outsource Amelia The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-06-10 | CVE-2024-22298 | Unspecified vulnerability in Tms-Outsource Amelia Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | 9.8 |
| 2024-02-05 | CVE-2023-6808 | Cross-site Scripting vulnerability in Tms-Outsource Amelia The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-12-28 | CVE-2023-50860 | Unspecified vulnerability in Tms-Outsource Amelia Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85. | 5.4 |
| 2023-09-11 | CVE-2023-4314 | Unspecified vulnerability in Tms-Outsource Wpdatatables The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. | 7.2 |
| 2023-06-26 | CVE-2023-29427 | Unspecified vulnerability in Tms-Outsource Amelia Unauth. | 6.1 |
| 2023-05-10 | CVE-2023-27918 | Cross-site Scripting vulnerability in Tms-Outsource Amelia Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL. | 6.1 |
| 2023-05-03 | CVE-2023-23876 | Unspecified vulnerability in Tms-Outsource Wpdatatables Auth. | 5.4 |
| 2022-05-20 | CVE-2022-29432 | Unspecified vulnerability in Tms-Outsource Wpdatatables Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters. | 4.8 |
| 2022-04-04 | CVE-2022-25618 | Cross-site Scripting vulnerability in Tms-Outsource Wpdatatables Lite Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27 | 4.8 |