Dimitri Grassi Salon Booking System vulnerabilities
8 known vulnerabilities affecting dimitri_grassi/salon_booking_system.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 3
Vulnerabilities
CVE-2025-32220 | P3 | HIGH | CVSS 8.8 | ≤ 10.30.23 | 2025-04-04
CWE-862
Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon booking system: from n/a through <= 10.30.23.
nvd
CVE-2026-42666 | P3 | HIGH | CVSS 7.5 | ≥ n/a, ≤ 10.30.25 | 2026-06-15
CWE-862
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
nvd
CVE-2024-47316 | P3 | HIGH | CVSS 8.8 | ≤ 10.9 | 2024-10-05
CWE-639
Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system. This issue affects Salon booking system: from n/a through <= 10.9.
nvd
CVE-2025-31560 | P3 | HIGH | CVSS 7.2 | ≤ 10.15 | 2025-04-01
CWE-266
Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation. This issue affects Salon booking system: from n/a through < 10.15.
nvd
CVE-2025-67954 | P3 | MEDIUM | CVSS 6.5 | ≤ 10.30.3 | 2026-01-22
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data. This issue affects Salon booking system: from n/a through <= 10.30.3.
nvd
CVE-2025-47583 | P4 | MEDIUM | CVSS 5.4 | ≤ 10.16 | 2025-05-19
CWE-352
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery. This issue affects Salon booking system: from n/a through <= 10.16.
nvd
CVE-2025-66531 | P4 | MEDIUM | CVSS 4.3 | ≤ 10.30.3 | 2025-12-09
CWE-352
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery. This issue affects Salon booking system: from n/a through <= 10.30.3.
nvd
CVE-2026-40768 | HIGH | CVSS 7.3 | ≥ n/a, ≤ 10.30.24 | 2026-06-17
CWE-639
WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
cvelistv5