Lucene search
WPScanVULNRICHMENT:CVE-2024-2429HistoryApr 26, 2024 - 5:00 a.m.
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF
2024-04-2605:00:02
WPScan
github.com
1
salon booking system
wordpress plugin
csrf
vulnerability
admin
settings
update
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:*:*:*"
],
"vendor": "salonbookingsystem",
"product": "salon_booking_system",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver",
"lessThanOrEqual": "9.6.5"
}
],
"defaultStatus": "affected"
}
]Related
cvelist
cvelist
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF
2024-04-26 05:00:02
wpexploit
wpexploit
Salon booking system < 9.6.6 - Settings Update via CSRF
2024-04-05 00:00:00
nvd
nvd
CVE-2024-2429
2024-04-26 05:15:50
cve
cve
CVE-2024-2429
2024-04-26 05:15:50
wpvulndb
wpvulndb
Salon booking system < 9.6.6 - Settings Update via CSRF
2024-04-05 00:00:00
wordfence
wordfence
AI Score
6.3
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-2429