Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

TMS

Source -

CNA

BOS Name -

N/A

CNA CVEs -

9

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
9Vulnerabilities found
CVE-2026-49080
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.23% / 13.52%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 20:57
Updated-17 Jun, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability

Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.

Action-Not Available
Vendor-TMS
Product-wpDataTables
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-48889
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.38% / 29.44%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:19
Updated-16 Jun, 2026 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Amelia <= 2.3 versions.

Action-Not Available
Vendor-TMS
Product-Amelia
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-40795
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.52%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia plugin <= 2.2 - Broken Access Control vulnerability

Subscriber Broken Access Control in Amelia <= 2.2 versions.

Action-Not Available
Vendor-TMS
Product-Amelia
CWE ID-CWE-862
Missing Authorization
CVE-2026-40789
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.29% / 20.87%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia plugin <= 2.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.

Action-Not Available
Vendor-TMS
Product-Amelia
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2024-22298
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.38% / 29.64%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 08:06
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia plugin <= 1.0.98 - Broken Access Control vulnerability

Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98.

Action-Not Available
Vendor-tms-outsourceTMStms-outsource
Product-ameliaAmeliaamelia
CWE ID-CWE-862
Missing Authorization
CVE-2024-31425
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.20% / 9.49%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 10:05
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia plugin <= 1.0.95 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in TMS Amelia.This issue affects Amelia: from n/a through 1.0.95.

Action-Not Available
Vendor-TMS
Product-Amelia
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-50860
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.10%
||
7 Day CHG~0.00%
Published-28 Dec, 2023 | 10:14
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar – Amelia allows Stored XSS.This issue affects Booking for Appointments and Events Calendar – Amelia: from n/a through 1.0.85.

Action-Not Available
Vendor-tms-outsourceTMS
Product-ameliaBooking for Appointments and Events Calendar – Amelia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29427
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.41% / 32.59%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 08:32
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Amelia Plugin <= 1.0.75 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions.

Action-Not Available
Vendor-tms-outsourceTMS
Product-ameliaBooking for Appointments and Events Calendar – Amelia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-27918
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 39.28%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 00:00
Updated-27 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL.

Action-Not Available
Vendor-tms-outsourceTMS
Product-ameliaAppointment and Event Booking Calendar for WordPress - Amelia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')