Salonbookingsystem Salon Booking System vulnerabilities
22 known vulnerabilities affecting salonbookingsystem/salon_booking_system.
Total CVEs: 22
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 6, MEDIUM 12
Vulnerabilities
Page 2 of 2
CVE-2024-2439, P4, MEDIUM, CVSS 4.8, CWE-79, fixed in 9.6.6, 2024-04-26
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
nvd
CVE-2024-2429, P4, MEDIUM, CVSS 4.3, CWE-352, fixed in 9.6.6, 2024-04-26
The Salon booking system WordPress plugin through 9.6.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
nvd