For some reason we could not open your link but we can see that you are mentioning vulnerability in Amelia. We had these kind of warnings (they were not correct there was no security issues) with previous version of Amelia but these issues are resolved already.
Make sure that you have updated Ameliua to latest version which is 7.7.1 and that you purged the cache. With latest version there should be no issues.
Should you have any further inquiries, we kindly request that you open separate tickets for each question and we will gladly help you there.
We wish you all the best and hope you have a wonderful day ahead.
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version.
Until this is fixed our compliance team will not let us reenable Amelia, which is causing us significant issues - if it is not resolved very soon then we will need to look for an alternate solution.
We were on 7.7.1 when it was highlighted - as 7.7.1 came out on 30 July and the flaw wasn't published until 4 September, I would assume that it is still an issue unless they can confirm it isn't.
We have checked this with our developers and they have confirmed that this issue was resolved and they will reach out to their support team to resolve this with them so that they can remove this notice.
Should you have any further inquiries, we kindly request that you open separate tickets for each question and we will gladly help you there.
We wish you all the best and hope you have a wonderful day ahead.
Please fix asap this issue: https://www.cve.org/CVERecord?id=CVE-2024-6332
Hello there,
Thank you for reaching out to us.
For some reason we could not open your link but we can see that you are mentioning vulnerability in Amelia. We had these kind of warnings (they were not correct there was no security issues) with previous version of Amelia but these issues are resolved already.
Make sure that you have updated Ameliua to latest version which is 7.7.1 and that you purged the cache. With latest version there should be no issues.
Should you have any further inquiries, we kindly request that you open separate tickets for each question and we will gladly help you there.
We wish you all the best and hope you have a wonderful day ahead.
Kind Regards,
Marko Davidovic
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Marko we are also having this warning come up on a separate site: https://wpscan.com/vulnerability/c465d76a-c8fc-4b8c-855c-fc9a19b7aeca/
Message is:
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version.
Until this is fixed our compliance team will not let us reenable Amelia, which is causing us significant issues - if it is not resolved very soon then we will need to look for an alternate solution.
Upgrade to 7.7.1 (Latest release)?
We were on 7.7.1 when it was highlighted - as 7.7.1 came out on 30 July and the flaw wasn't published until 4 September, I would assume that it is still an issue unless they can confirm it isn't.
Hello everyone,
We have checked this with our developers and they have confirmed that this issue was resolved and they will reach out to their support team to resolve this with them so that they can remove this notice.
Should you have any further inquiries, we kindly request that you open separate tickets for each question and we will gladly help you there.
We wish you all the best and hope you have a wonderful day ahead.
Kind Regards,
Marko Davidovic
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables