
281 matches found

NVD
added 3 days ago, 7 views

CVE-2026-11887

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...

CVSS 4.3, EPSS 0.00178
Exploits: 0, References: 1

CVE
added 3 days ago, 11 views

CVE-2026-11887

The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...

CVSS 4.3, AI score 5.8, EPSS 0.00178
Exploits: 0, References: 1

Cvelist
added 3 days ago, 38 views

CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...

EPSS 0.00178
Exploits: 0, References: 1

EUVD
added 2026/06/17 6:35 p.m., 7 views

EUVD-2026-37604

Unauthenticated Insecure Direct Object References IDOR in Salon booking system <= 10.30.24 versions...

CVSS 7.3, AI score 5.2, EPSS 0.00288
Exploits: 0, References: 2

NVD
added 2026/06/17 1:20 p.m., 7 views

CVE-2026-40768

Unauthenticated Insecure Direct Object References IDOR in Salon booking system <= 10.30.24 versions...

CVSS 7.3, EPSS 0.00288
Exploits: 0, References: 1

CVE
added 2026/06/17 9:51 a.m., 16 views

CVE-2026-40768

The CVE covers WordPress Salon booking system plugin versions

CVSS 7.3, AI score 5.2, EPSS 0.00288
Exploits: 0, References: 1

Cvelist
added 2026/06/17 9:51 a.m., 25 views

CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Salon booking system <= 10.30.24 versions...

CVSS 7.3, EPSS 0.00288
Exploits: 0, References: 1

NVD
added 2026/06/15 9:16 p.m., 7 views

CVE-2026-42666

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...

CVSS 7.5, EPSS 0.00278
Exploits: 0, References: 1

Vulnrichment
added 2026/06/15 8:18 p.m., 7 views

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...

CVSS 7.5, AI score 5.1, EPSS 0.00278
Exploits: 0, References: 1

Cvelist
added 2026/06/15 8:18 p.m., 26 views

CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...

CVSS 7.5, EPSS 0.00278
Exploits: 0, References: 1

EUVD
added 2026/06/15 8:18 p.m., 6 views

EUVD-2026-36831

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...

CVSS 7.5, AI score 5.1, EPSS 0.00278
Exploits: 0, References: 1

CVE
added 2026/06/15 8:18 p.m., 14 views

CVE-2026-42666

The WordPress Salon Booking System plugin versions

CVSS 7.5, AI score 5.1, EPSS 0.00278
Exploits: 0, References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49457

Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...

CVSS 7.5, AI score 5.1, EPSS 0.00278
Exploits: 0, References: 2

Patchstack
added 2026/05/10 5:40 a.m., 8 views

WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions <= 10.30.25...

AI score 5.8, EPSS 0.00278
Exploits: 0, Affected Software: 1

Patchstack
added 2026/05/05 2:34 p.m., 11 views

WordPress Salon Booking System – Free Version plugin <= 10.30.25 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Salon booking system versions <= 10.30.25...

CVSS 7.5, AI score 5.8, EPSS 0.00373
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/05/04 8:21 p.m., 26 views

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

CVSS 7.5, AI score 5.9, EPSS 0.00373
Exploits: 0, References: 1

NVD
added 2026/05/02 12:16 p.m., 71 views

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

CVSS 7.5, EPSS 0.00373
Exploits: 0, References: 2

Cvelist
added 2026/05/02 11:16 a.m., 81 views

CVE-2026-6320 Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

CVSS 7.5, EPSS 0.00373
Exploits: 0, References: 2

EUVD
added 2026/05/02 11:16 a.m., 40 views

EUVD-2026-26784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

CVSS 7.5, AI score 5.9, EPSS 0.00373
Exploits: 0, References: 2

Vulnrichment
added 2026/05/02 11:16 a.m., 6 views

CVE-2026-6320 Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

CVSS 7.5, AI score 5.9, EPSS 0.00373
Exploits: 0, References: 2