Wordpresschef Salon Booking System Free Version vulnerabilities

7 known vulnerabilities affecting wordpresschef/salon_booking_system_free_version.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 4

Vulnerabilities

CVE-2025-8492 | MEDIUM | CVSS 5.3 | ≤ 10.22 | 2025-09-11
CWE-862: The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticated attackers to execute AJAX actions, including limited
Sources: cvelistv5, nvd
CVE-2022-4974 | MEDIUM | CVSS 6.3 | fixed in 7.6.3 | 2024-10-16
CWE-862: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme runni
Sources: cvelistv5, nvd
CVE-2024-37231 | CRITICAL | CVSS 9.1 | ≤ 9.9 | 2024-06-24
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through 9.9.
Sources: nvd
CVE-2024-3229 | CRITICAL | CVSS 9.8 | ≤ 10.2 | 2024-06-19
CWE-434: The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected s
Sources: cvelistv5, nvd
CVE-2024-4468 | MEDIUM | CVSS 5.4 | ≤ 9.9 | 2024-06-08
CWE-280: The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discou
Sources: cvelistv5, nvd
CVE-2024-4442 | HIGH | CVSS 8.6 | ≤ 9.9 | 2024-05-21
CWE-22: Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion. The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-con
Sources: cvelistv5
CVE-2023-3427 | MEDIUM | CVSS 4.3 | ≤ 8.4.7 | 2023-06-28
CWE-352: The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values vi
Sources: cvelistv5, nvd