Salonbookingsystem

Salon Booking System

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-9882

Exploit
  • EPSS 0.05%
  • Veröffentlicht 15.05.2025 20:16:01
  • Zuletzt bearbeitet 12.06.2025 16:35:10

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Sc...

8.8

CVE-2025-32220

  • EPSS 0.25%
  • Veröffentlicht 04.04.2025 16:15:31
  • Zuletzt bearbeitet 11.04.2025 13:07:18

Missing Authorization vulnerability in Dimitri Grassi Salon booking system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon booking system: from n/a through 10.10.7.

7.2

CVE-2025-31560

  • EPSS 0.3%
  • Veröffentlicht 01.04.2025 21:15:50
  • Zuletzt bearbeitet 14.04.2025 12:41:00

Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.

8.8

CVE-2024-47316

  • EPSS 0.07%
  • Veröffentlicht 05.10.2024 13:15:13
  • Zuletzt bearbeitet 11.04.2025 15:11:31

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.9.

7.2

CVE-2024-39658

  • EPSS 0.75%
  • Veröffentlicht 29.08.2024 15:15:27
  • Zuletzt bearbeitet 13.09.2024 21:04:24

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.

6.1

CVE-2024-43280

  • EPSS 0.18%
  • Veröffentlicht 19.08.2024 18:15:12
  • Zuletzt bearbeitet 11.04.2025 15:13:02

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.

9.1

CVE-2024-37231

  • EPSS 0.14%
  • Veröffentlicht 24.06.2024 13:15:11
  • Zuletzt bearbeitet 11.04.2025 15:14:45

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.

9.8

CVE-2024-3229

  • EPSS 8.75%
  • Veröffentlicht 19.06.2024 05:15:52
  • Zuletzt bearbeitet 11.04.2025 15:16:19

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 1...

5.4

CVE-2024-4468

  • EPSS 0.57%
  • Veröffentlicht 08.06.2024 08:15:08
  • Zuletzt bearbeitet 21.11.2024 09:42:53

The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possibl...

9.1

CVE-2024-4442

  • EPSS 33.7%
  • Veröffentlicht 21.05.2024 07:15:08
  • Zuletzt bearbeitet 18.04.2025 16:08:37

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possi...