CVE-2026-5465 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: April 7, 2026
Amelia WordPress Plugin - Broken Access Control
Published: April 7, 2026 | Updated: April 7, 2026 | Remotely Exploitable
Overview
The Amelia WordPress plugin, versions <= 2.1.3, contains an insecure direct object reference (IDOR) caused by missing authorization checks on the externalId field in UpdateProviderCommandHandler. An authenticated user with Provider-level or higher access can use this to take over any WordPress account.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated Provider users can take over any WordPress account, including administrators, leading to full site compromise.
Mitigation
Update to a version later than 2.1.3.
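To show the class of defect the Overview describes and the shape of the check that closes it, the following is an added illustration in WordPress-style PHP. It is not Amelia's code: the class name, method names, request field handling and the `edit_users` capability choice are hypothetical stand-ins for an update handler that takes an `externalId` (the linked WordPress user id) from the request. It assumes a WordPress runtime where `get_current_user_id()`, `current_user_can()`, `sanitize_email()`, `wp_update_user()` and `is_wp_error()` are available.

```php
<?php
// Hypothetical illustration only, not the plugin's own code.
// Assumes a WordPress runtime; names below are placeholders.

class ProviderUpdateHandlerExample
{
    /**
     * Vulnerable pattern (CWE-639): the target WordPress user id is taken
     * straight from the request and never compared with the caller, so
     * any user who can reach this handler can update an arbitrary account.
     */
    public function handleUnchecked(array $request): bool
    {
        $externalId = (int) ($request['externalId'] ?? 0); // caller-controlled
        return $this->updateWpUser($externalId, $request);  // no ownership check
    }

    /**
     * Hardened pattern: the caller must be logged in and must either own
     * the target account or hold a capability that legitimately allows
     * editing other users (administrators hold 'edit_users'; Providers
     * would not). Denied attempts are logged for detection.
     */
    public function handleChecked(array $request): bool
    {
        if (!is_user_logged_in()) {
            return false;
        }

        $externalId = (int) ($request['externalId'] ?? 0);
        $callerId   = get_current_user_id();

        $ownsTarget    = ($externalId === $callerId);
        $mayEditOthers = current_user_can('edit_users'); // placeholder capability

        if (!$ownsTarget && !$mayEditOthers) {
            error_log(sprintf(
                'Denied provider update: caller %d attempted to modify user %d',
                $callerId,
                $externalId
            ));
            return false;
        }

        return $this->updateWpUser($externalId, $request);
    }

    /**
     * Applies request-supplied profile fields to the WordPress account
     * identified by $wpUserId. Kept minimal for illustration.
     */
    private function updateWpUser(int $wpUserId, array $request): bool
    {
        if ($wpUserId <= 0) {
            return false;
        }

        $data = ['ID' => $wpUserId];
        if (!empty($request['email'])) {
            $data['user_email'] = sanitize_email($request['email']);
        }
        if (!empty($request['displayName'])) {
            $data['display_name'] = sanitize_text_field($request['displayName']);
        }

        $result = wp_update_user($data);
        return !is_wp_error($result);
    }
}
```

The only difference between the two handlers is the ownership-or-capability gate in `handleChecked()`; that gate is the authorization check whose absence the Overview identifies. Logging the denied case gives a concrete signal for a WordPress error-log or SIEM rule on repeated mismatches between caller id and target id.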
References
- https://plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php#L239
- https://plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Controller/User/Provider/UpdateProviderController.php#L30
- https://plugins.trac.wordpress.org/changeset/3499608/ameliabooking/trunk/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a4204099-1065-4167-8b42-3da25945236c?source=cve
- https://plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php#L146
- https://plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1.3/src/Application/Commands/User/Provider/UpdateProviderCommandHandler.php#L219
Details
- CVE ID: CVE-2026-5465
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: new
CWE
- CWE-639
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H