3 matches found
CVE-2024-2429
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-2429
CVE-2024-2429 affects the Salon Booking System WordPress plugin (up to 9.6.5). The issue is a missing CSRF check in the plugin’s settings update flow, allowing a logged-in admin to alter settings via CSRF. The Red Hat advisory reiterates this description. Exploitation status is not provided in th...
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...