Black Lantern Security (BLSOPS)
From customer to admin takeover in one request—Amelia Booking Pro flaw enables full WordPress compromise. #CVE-2026-2931 is on the BLS Blog now!
https://blog.blacklanternsecurity.com/p/amelia-booking-pro-912-authenticated
Amelia Booking Pro ≤ 9.1.2: Authenticated Customer-to-Admin Password Reset via IDOR

CVE-2026-2931

Black Lantern Security (BLSOPS)
Mar 26 at 8:47pmWeb