The Salon booking system plugin for WordPress has a weakness that allows hackers to access sensitive information from the database. This is because the plugin does not properly handle user input and the SQL query is not prepared enough. This vulnerability can only be exploited by attackers who have administrator-level access or higher.