The Salon booking system plugin for WordPress has a security issue that allows anyone to upload any type of file onto the website. This can be done without needing to log in, and it puts the website at risk for a type of attack called remote code execution.