Salon Booking System Security Vulnerabilities and Issues — Salon Booking System CVE List

Lucene search

SalonbookingsystemSalon Booking System

4 matches found

CVE•added 2024/04/17 5:15 a.m.•76 views

CVE-2024-2102

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Booki...

4.7CVSS8AI score0.00222EPSS

CVE•added 2024/04/26 5:15 a.m.•75 views

CVE-2024-2439

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS7.6AI score0.00159EPSS

CVE•added 2024/04/26 5:15 a.m.•67 views

CVE-2024-2429

The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3CVSS6.6AI score0.00178EPSS

CVE•added 2025/05/15 8:16 p.m.•14 views

CVE-2024-9882

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap...

4.8CVSS5.7AI score0.00039EPSS