7 matches found
CVE-2025-47583
CVE-2025-47583 covers an unauthenticated CSRF vulnerability in the WordPress plugin Salon Booking System, affecting versions up to 10.16. The issue, described as CSRF leading to arbitrary content deletion, is documented across multiple sources (NVD, CVE list, Red Hat advisory, Patchstack). Exploi...
CVE-2025-32220 WordPress Salon booking system plugin <= 10.30.23 - Broken Access Control vulnerability
Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salon booking system: from n/a through = 10.30.23...
WordPress Salon booking system Plugin <= 9.9 is vulnerable to Arbitrary File Deletion
Software Salon booking system Type Plugin Vulnerable versions = 9.9 Fixed in 10.0 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2024-37231 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 096d4dd72ddd Credits LVT-tholv2k Required...
WordPress Salon booking system Plugin <= 10.2 is vulnerable to Arbitrary File Upload
Software Salon booking system Type Plugin Vulnerable versions = 10.2 Fixed in 10.3 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3229 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 73c749725728 Credits Gibran Abdillah Required privilege...
WordPress Salon booking system Plugin <= 9.9 is vulnerable to Broken Access Control
Software Salon booking system Type Plugin Vulnerable versions = 9.9 Fixed in 10.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4468 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 495ce87718e9 Credits JoanClarke2 Required privile...
WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)
Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2439 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 667860bc9aac Credits cyc707 Required...
WordPress Salon booking system plugin <= 7.6.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Huli Cymetrics in WordPress Salon booking system plugin versions = 7.6.1. Solution Update the WordPress Salon booking system plugin to the latest available version at least 7.6.3...