Log out
Get PRO

Latest

Input validation vulnerability in Salon booking system 8.4.7

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 27, 2023

The Salon Booking System plugin for WordPress could be vulnerable to an attack called Cross-Site Request Forgery in versions 8.4.6 and earlier. This means that if a malicious user can trick an administrator into clicking on a link, they could potentially change the admin role to customer or change the user meta to any value they choose without proper authentication. To protect against this, the plugin should have had a nonce validation check on the ‘save_customer’ function.

Detected in:

Salon booking system fixed vulnerable versions: >= * <= 8.4.7
Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.