PatchSiren

melograno CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM melograno CVE published 2026-07-16

CVE-2026-14782

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the Customer Import in all versions up to, and including, 2.4.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Authenticated attackers, with wpamelia-manager role, can append additional SQL queries into already [truncated]