The booking system used for salons in WordPress can be easily hacked through a vulnerability called Stored Cross-Site Scripting. This is because the system does not properly check and filter the information that is entered, allowing attackers to insert harmful web scripts. This can be done by anyone with authorized access to the system and can put users at risk when they visit the affected pages.