The Salon Booking System plugin for WordPress is vulnerable to a security issue. If someone is using version 8.4.6 or earlier, attackers can use a special type of attack called Cross-Site Request Forgery to make changes to the admin settings. This can include changing the role of the admin from administrator to customer or changing the user details to something else. For this to happen, the attacker needs to be able to get a site administrator to click on a link.