PT-2025-47071 · WordPress · Amelia

Published: 2025-11-16 · Updated: 2025-11-21 · CVE-2025-12482

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Amelia plugin for WordPress versions up to and including 1.2.35

Description

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is susceptible to SQL Injection due to insufficient input validation and query preparation. Specifically, the search parameter is not adequately sanitized, allowing unauthenticated attackers to inject malicious SQL queries. Successful exploitation could lead to the extraction of sensitive information from the database. The vulnerable parameter is search.

Recommendations

Update the Amelia plugin to a version later than 1.2.35.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-12482

Affected Products

Amelia