Product: salon booking system (salonbookingsystem)
22 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE | Affected versions | Description
CVE-2024-9882 | < 1.9.4 | The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not saniti
CVE-2025-32220 | <= 10.11 | Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Conf
CVE-2025-31560 | <= 10.11 | Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalati
CVE-2024-47316 | < 10.9.1 | Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system. This is
CVE-2024-39658 | < 10.8 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon b
CVE-2024-43280 | < 10.9 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system. This issue affects
CVE-2024-37231 | < 10.0 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking
CVE-2024-3229 | < 10.3 | The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the S
CVE-2024-4468 | < 10.0 | The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capab
CVE-2024-4442 | < 10.0 | The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8.
CVE-2023-48319 | < 8.7 | Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue af
CVE-2024-2603 | < 9.6.6 | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high
CVE-2024-2439 | < 9.6.6 | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high
CVE-2024-2429 | < 9.6.6 | The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could
CVE-2024-2102 | < 9.6.3 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_pre
CVE-2024-2101 | < 9.6.3 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking
CVE-2024-30510 | < 9.5.1 | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salo
CVE-2023-3427 | <= 8.4.6 | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6.
CVE-2022-43487 | < 7.9 | Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to injec
CVE-2022-0920 | < 7.6.3 | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, wh
CVE-2022-0919 | < 7.6.3 | The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, all
CVE-2021-24429 | < 6.3.1 | The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an