CVE-2022-0920

CWE-863 — Incorrect Authorization CWE-362 — Race Condition CWE-416 — Use After Free5 documents5 sources

Severity

7.5HIGH

EPSS

0.8%

top 25.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Salon Booking System Unknown Salon Booking System PRO Salonbookingsystem Salon Booking System

Timeline

PublishedApr 11

Latest updateMay 23

Description

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5unknown/salon_booking_system7.6.3 — 7.6.3

▶CVEListV5unknown/salon_booking_system_pro7.6.3 — 7.6.3

▶NVDsalonbookingsystem/salon_booking_system< 7.6.3

🔴Vulnerability Details

GHSA

GHSA-9m85-v4hv-p2xv: The Salon booking system Free and Pro WordPress plugins before 7↗2022-04-12

▶

CVEList

Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure↗2022-04-11

▶

📋Vendor Advisories

CISA

Android Kernel Race Condition Vulnerability↗2022-05-23

▶