Salonbookingsystem

Salon Booking System

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2023-48319

  • EPSS 0.22%
  • Veröffentlicht 17.05.2024 09:15:13
  • Zuletzt bearbeitet 15.04.2025 20:56:20

Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation.This issue affects Salon booking system: from n/a through 8.6.

6.3

CVE-2024-2603

Exploit
  • EPSS 0.18%
  • Veröffentlicht 26.04.2024 05:15:50
  • Zuletzt bearbeitet 18.04.2025 18:42:37

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration)...

4.8

CVE-2024-2439

Exploit
  • EPSS 0.22%
  • Veröffentlicht 26.04.2024 05:15:50
  • Zuletzt bearbeitet 14.04.2025 14:18:39

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...

4.3

CVE-2024-2429

Exploit
  • EPSS 0.14%
  • Veröffentlicht 26.04.2024 05:15:50
  • Zuletzt bearbeitet 14.04.2025 14:18:25

The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.7

CVE-2024-2102

Exploit
  • EPSS 0.22%
  • Veröffentlicht 17.04.2024 05:15:48
  • Zuletzt bearbeitet 14.04.2025 13:42:32

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The paylo...

5.7

CVE-2024-2101

Exploit
  • EPSS 0.67%
  • Veröffentlicht 17.04.2024 05:15:48
  • Zuletzt bearbeitet 14.04.2025 13:42:18

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an a...

9.8

CVE-2024-30510

  • EPSS 0.91%
  • Veröffentlicht 29.03.2024 14:15:14
  • Zuletzt bearbeitet 27.02.2025 14:53:37

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 9.5.

4.3

CVE-2023-3427

  • EPSS 0.05%
  • Veröffentlicht 28.06.2023 02:15:49
  • Zuletzt bearbeitet 21.11.2024 08:17:14

The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauth...

6.1

CVE-2022-43487

  • EPSS 1.95%
  • Veröffentlicht 05.12.2022 04:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:36

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.

7.5

CVE-2022-0920

Exploit
  • EPSS 0.82%
  • Veröffentlicht 11.04.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:40

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data