Vendor
The Amelia Booking plugin for WordPress versions 9.1.2 and earlier is vulnerable to Insecure Direct Object References (IDOR), allowing authenticated attackers with customer-level permissions or higher to change user passwords and potentially compromise administrator accounts.