Vulnerabilities > Tmsproducts
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-05 | CVE-2024-6332 | Missing Authorization vulnerability in Tmsproducts Amelia The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. | 6.5 |
| 2024-03-13 | CVE-2024-1484 | Cross-site Scripting vulnerability in Tmsproducts Amelia The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. | 6.1 |