The Salon booking system plugin for WordPress has a security issue that could allow unauthorized users to access and change data. This is because a necessary check was not included in certain functions, which are connected to the admin_init feature. This vulnerability affects all versions of the plugin up to and including 9.9. As a result, attackers with subscriber access or higher could potentially view and change plugin settings, as well as see discount codes meant for other users.