6 matches found
EUVD-2025-27652
Malicious code in bioql PyPI...
CVE-2025-8492
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticat...
CVE-2025-8492
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticat...
CVE-2025-8492
CVE-2025-8492 affects the WordPress plugin Salon Booking System (Free Version) up to version 10.20. The vulnerability is caused by a missing capability check in the ajax function, enabling unauthenticated attackers to execute AJAX actions, including limited file uploads. Wordfence lists a CVSS v3...
PT-2025-37133
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.20. This makes it possible for unauthenticat...
CVE-2024-9417
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to limited file uploads due to a misconfigured file type validation in the 'handleUpload' function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to upload files that are...