cvebase

Dimitri Grassi Salon Booking System vulnerabilities

8 known vulnerabilities affecting dimitri_grassi/salon_booking_system.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 3

Vulnerabilities

CVE-2025-32220 | P3 | HIGH | CVSS 8.8 | ≤ 10.30.23 | 2025-04-04
CWE-862: Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Salon booking system: from n/a through <= 10.30.23.
nvd
CVE-2026-42666 | P3 | HIGH | CVSS 7.5 | ≥ n/a, ≤ 10.30.25 | 2026-06-15
CWE-862: Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
nvd
CVE-2024-47316 | P3 | HIGH | CVSS 8.8 | ≤ 10.9 | 2024-10-05
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system. This issue affects Salon booking system: from n/a through <= 10.9.
nvd
CVE-2025-31560 | P3 | HIGH | CVSS 7.2 | ≤ 10.15 | 2025-04-01
CWE-266: Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation. This issue affects Salon booking system: from n/a through < 10.15.
nvd
CVE-2025-67954 | P3 | MEDIUM | CVSS 6.5 | ≤ 10.30.3 | 2026-01-22
CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data. This issue affects Salon booking system: from n/a through <= 10.30.3.
nvd
CVE-2025-47583 | P4 | MEDIUM | CVSS 5.4 | ≤ 10.16 | 2025-05-19
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery. This issue affects Salon booking system: from n/a through <= 10.16.
nvd
CVE-2025-66531 | P4 | MEDIUM | CVSS 4.3 | ≤ 10.30.3 | 2025-12-09
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery. This issue affects Salon booking system: from n/a through <= 10.30.3.
nvd
CVE-2026-40768 | HIGH | CVSS 7.3 | ≥ n/a, ≤ 10.30.24 | 2026-06-17
CWE-639: WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability. Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.
cvelistv5