2 matches found
CVE-2022-0920 Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data...
CVE-2022-0920
The CVE-2022-0920 entry concerns WordPress plugins “Salon booking system Free and Pro” prior to version 7.6.3. Connected sources consistently describe an access control error in several endpoints that could let authenticated users view all bookings and other customers’ data. The vulnerability ste...