Salon Booking System Security Vulnerabilities and Issues — Salon Booking System CVE List

Lucene search

SalonbookingsystemSalon Booking System

3 matches found

CVE•added 2024/06/19 5:15 a.m.•59 views

CVE-2024-3229

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated a...

9.8CVSS9.9AI score0.10762EPSS

CVE•added 2024/05/21 7:15 a.m.•52 views

CVE-2024-4442

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbit...

9.1CVSS7.8AI score0.24535EPSS

CVE•added 2024/06/24 1:15 p.m.•50 views

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.

9.1CVSS8.6AI score0.00107EPSS