Lucene search

CVE-2024-4442

🗓️ 21 May 2024 07:08:15Reported by WordfenceType

The Salon booking system plugin for WordPress allows unauthenticated attackers to delete arbitrary files, leading to site takeover and remote code execution

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
WPVulnDB	Salon booking system < 10.0 - Unauthenticated Arbitrary File Deletion	20 May 202400:00	–	wpvulndb
NVD	CVE-2024-4442	21 May 202407:15	–	nvd
Vulnrichment	CVE-2024-4442 Salon booking system <= 9.8 - Unauthenticated Arbitrary File Deletion	21 May 202406:49	–	vulnrichment
Cvelist	CVE-2024-4442 Salon booking system <= 9.8 - Unauthenticated Arbitrary File Deletion	21 May 202406:49	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)	23 May 202415:00	–	wordfence

Nvd

Vulners

Node

salonbookingsystem salon_booking_systemRange<10.0wordpress

[
  {
    "vendor": "wordpresschef",
    "product": "Salon booking system",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "9.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/salon-booking-system/tags/9.8/src/SLN/Action/Ajax/RemoveUploadedFile.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/eaafeadd-f44c-49b1-b900-ef40800c629e
plugins	www.plugins.trac.wordpress.org/changeset/3088196/salon-booking-system

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 May 2024 07:15Current

7.8High risk

Vulners AI Score7.8

CVSS39.1

EPSS0.21182

SSVC

CWE-22