What is CVE-2024-4442?

CVE-2024-4442 is a critical-severity vulnerability in Wordpresschef Salon Booking System – Free Version, classified under Path Traversal. CVSS score: 9.1/10. Published 2024-05-21.

How severe is CVE-2024-4442?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2024-4442 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Wordpresschef Salon Booking System – Free Version

CVE-2024-4442

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This mak…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.267 (96.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Wordpresschef Salon Booking System – Free Version — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

Frequently asked questions

What is CVE-2024-4442?: CVE-2024-4442 is a critical-severity vulnerability in Wordpresschef Salon Booking System – Free Version, classified under Path Traversal. CVSS score: 9.1/10. Published 2024-05-21.
How severe is CVE-2024-4442?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2024-4442 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.