The Salon booking system plugin for WordPress has a security flaw in versions up to 7.9. This flaw allows unauthenticated attackers to inject malicious web scripts into pages which could be executed if they can trick a user into clicking on a link. This is possible because the plugin does not properly sanitize input or escape output.