CVE-2026-11887
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...
CVE-2026-11887
The CVE concerns the Salon Booking System WordPress plugin prior to 10.30.20. Affected component: an AJAX action without proper authorization checks, enabling any authenticated user (e.g., a subscriber) to modify the plugin’s settings and bypass manual approval of new bookings. Root cause: insuff...
CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new...
EUVD-2026-37604
Unauthenticated Insecure Direct Object References IDOR in Salon booking system <= 10.30.24 versions...
CVE-2026-40768
Unauthenticated Insecure Direct Object References IDOR in Salon booking system <= 10.30.24 versions...
CVE-2026-40768
The CVE covers WordPress Salon booking system plugin versions
CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Salon booking system <= 10.30.24 versions...
CVE-2026-42666
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...
CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...
EUVD-2026-36831
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...
CVE-2026-42666
The WordPress Salon Booking System plugin versions
PT-2026-49457
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions...
WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Evan in WordPress Plugin Salon booking system versions <= 10.30.25...
WordPress Salon Booking System – Free Version plugin <= 10.30.25 - Unauthenticated Arbitrary File Read vulnerability
Unauthenticated Arbitrary File Read vulnerability discovered by daroo in WordPress Plugin Salon booking system versions <= 10.30.25...
CVE-2026-6320
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2026-6320 Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
EUVD-2026-26784
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...