A high-severity vulnerability, CVE-2026-48889, was discovered in the Amelia plugin, affecting versions up to 2.3. This vulnerability allows for subscriber privilege escalation, posing a significant risk to WordPress sites using the affected plugin versions.
A Subscriber Broken Access Control vulnerability was found in the Amelia plugin versions <= 2.2. This issue has a CVSS score of 6.5, indicating a MEDIUM severity level. The vulnerability was published on [cvePublishedAt] and last modified on [cveModifiedAt].
