WordPress Plugin Vulnerabilities

Amelia < 2.0 - Employee+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation. This makes it possible for authenticated attackers, with employee-level access and above, to elevate their privileges to that of an administrator.

Affects Plugins

Plugin icon
ameliabooking
Fixed in 2.0

References

CVE
CVE-2026-24963
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc19aca-15df-40c8-a7c4-10ae7faf0308

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
7.2 (high)

Miscellaneous

Original Researcher
daroo
Verified
No
WPVDB ID
e0896e28-6692-4c68-b40e-de000c574c04

Timeline

Publicly Published
2026-03-04 (about 2 months ago)
Added
2026-03-13 (about 2 months ago)
Last Updated
2026-03-13 (about 2 months ago)

Other

Published
Title
Published
2025-04-02
Title
wpForo Forum < 2.4.4 - Subscriber+ Privilege Escalation
Published
2026-03-06
Title
Paid Videochat Turnkey Site – HTML5 PPV Live Webcams < 7.3.21 - Authenticated (Author+) Privilege Escalation
Published
2020-06-11
Title
WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation
Published
2025-07-14
Title
HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. < 2.2.2 - Unauthenticated Arbitrary File Deletion
Published
2024-04-25
Title
WooCommerce Amazon Affiliates < 14.1.0 - Subscriber+ Privilege Escalation