What is CVE-2026-6320?

CVE-2026-6320 is a high-severity vulnerability in Wordpresschef Salon Booking System – Free Version, classified under Path Traversal. CVSS score: 7.5/10. Published 2026-05-02.

How severe is CVE-2026-6320?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Wordpresschef Salon Booking System – Free Version

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (34.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Wordpresschef Salon Booking System – Free Version — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

Frequently asked questions

What is CVE-2026-6320?: CVE-2026-6320 is a high-severity vulnerability in Wordpresschef Salon Booking System – Free Version, classified under Path Traversal. CVSS score: 7.5/10. Published 2026-05-02.
How severe is CVE-2026-6320?: High severity. CVSS v3 base score is 7.5 out of 10.