Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL.
[
{
"vendor": "TMS",
"product": "Appointment and Event Booking Calendar for WordPress - Amelia",
"versions": [
{
"version": "versions prior to 1.0.76",
"status": "affected"
}
]
}
]