CVE-2026-11887
The CVE-2026-11887 entry concerns the Salon Booking System WordPress plugin (pre-10.30.20) where an AJAX action lacks proper authorization, enabling any authenticated user (e.g., a subscriber) to modify settings and bypass manual booking approvals. Affected component: plugin code path handling th...