Salonbookingsystem Salon_booking_system

22 CVEs affecting Salonbookingsystem Salon_booking_system. Latest disclosed: 2025-05-15. Critical: 3, High: 4.

Top CVEs affecting Salonbookingsystem Salon_booking_system
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-30510 | Critical | 10.0 | 2024-03-29 | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a th… |
| CVE-2024-3229 | Critical | 9.8 | 2024-06-19 | The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistan… |
| CVE-2024-4442 | Critical | 9.1 | 2024-05-21 | The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not… |
| CVE-2024-37231 | High | 8.6 | 2024-06-24 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulat… |
| CVE-2024-39658 | High | 7.6 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Inje… |
| CVE-2022-0920 | High | 7.5 | 2022-04-11 | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to… |
| CVE-2025-31560 | High | 7.2 | 2025-04-01 | Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation. This issue affects Salon b… |
| CVE-2023-48319 | Medium | 6.8 | 2024-05-17 | Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: f… |
| CVE-2024-2603 | Medium | 6.3 | 2024-04-26 | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin… |
| CVE-2022-43487 | Medium | 6.1 | 2022-12-05 | Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2021-24429 | Medium | 6.1 | 2021-07-12 | The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low pri… |
| CVE-2024-2101 | Medium | 5.7 | 2024-04-17 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing cus… |
| CVE-2025-32220 | Medium | 5.4 | 2025-04-04 | Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Securit… |
| CVE-2023-3427 | Medium | 5.4 | 2023-06-28 | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or in… |
| CVE-2022-0919 | Medium | 5.3 | 2022-04-11 | The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated use… |
| CVE-2024-9882 | Medium | 4.8 | 2025-05-15 | The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its set… |
| CVE-2024-2439 | Medium | 4.8 | 2024-04-26 | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Edito… |
| CVE-2024-43280 | Medium | 4.7 | 2024-08-19 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/… |
| CVE-2024-2102 | Medium | 4.7 | 2024-04-17 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking a… |
| CVE-2024-47316 | Medium | 4.3 | 2024-10-05 | Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system. This issue affects Salon booking sys… |