Salonbookingsystem Salon_booking_system
22 CVEs affecting Salonbookingsystem Salon_booking_system. Latest disclosed: 2025-05-15. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-30510 | Critical | 10.0 | 2024-03-29 | Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/a th… |
| CVE-2024-3229 | Critical | 9.8 | 2024-06-19 | The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistan… |
| CVE-2024-4442 | Critical | 9.1 | 2024-05-21 | The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not… |
| CVE-2024-37231 | High | 8.6 | 2024-06-24 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulat… |
| CVE-2024-39658 | High | 7.6 | 2024-08-29 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Inje… |
| CVE-2022-0920 | High | 7.5 | 2022-04-11 | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to… |
| CVE-2025-31560 | High | 7.2 | 2025-04-01 | Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation. This issue affects Salon b… |
| CVE-2023-48319 | Medium | 6.8 | 2024-05-17 | Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: f… |
| CVE-2024-2603 | Medium | 6.3 | 2024-04-26 | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin… |
| CVE-2022-43487 | Medium | 6.1 | 2022-12-05 | Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2021-24429 | Medium | 6.1 | 2021-07-12 | The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low pri… |
| CVE-2024-2101 | Medium | 5.7 | 2024-04-17 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing cus… |
| CVE-2025-32220 | Medium | 5.4 | 2025-04-04 | Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured Access Control Securit… |
| CVE-2023-3427 | Medium | 5.4 | 2023-06-28 | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or in… |
| CVE-2022-0919 | Medium | 5.3 | 2022-04-11 | The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated use… |
| CVE-2024-9882 | Medium | 4.8 | 2025-05-15 | The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its set… |
| CVE-2024-2439 | Medium | 4.8 | 2024-04-26 | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Edito… |
| CVE-2024-43280 | Medium | 4.7 | 2024-08-19 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system. This issue affects Salon booking system: from n/… |
| CVE-2024-2102 | Medium | 4.7 | 2024-04-17 | The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking a… |
| CVE-2024-47316 | Medium | 4.3 | 2024-10-05 | Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system. This issue affects Salon booking sys… |