2 matches found
PT-2024-21286 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: Salon booking system WordPress plugin versions 9.6.5 and earlier Description: The issue allows high privilege users, such as admin or editor depending on the plugin configuration, to perform Stored Cross-Site Scripting attacks. This is possib...
PT-2024-20338 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: The Salon booking system WordPress plugin versions 9.6.5 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...