CVE-2022-0920
📋 TL;DR
The Salon booking system WordPress plugins (Free and Pro) before version 7.6.3 have improper authorization in some API endpoints. This allows customers to access all bookings and other customers' personal data. WordPress sites using these vulnerable plugin versions are affected.
💻 Affected Systems
- Salon booking system Free WordPress plugin
- Salon booking system Pro WordPress plugin
📦 What is this software?
Salon Booking System by Salonbookingsystem
⚠️ Risk & Real-World Impact
Worst Case
An attacker could exfiltrate all customer data including names, contact details, booking history, and potentially payment information, leading to data breach, privacy violations, and regulatory fines.
Likely Case
Malicious customers or attackers with customer accounts could view other customers' bookings and personal information, compromising privacy and potentially enabling social engineering attacks.
If Mitigated
With proper authorization controls, customers can only access their own data, maintaining privacy and data segregation as intended.
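As an added illustration of the flaw class this advisory describes (not the Salon Booking System plugin's own code), the snippet below registers a WordPress REST route for reading a booking, showing a permission callback that only checks for a logged-in session beside one that ties the booking to the requesting customer. The namespace `salon/v1`, the post type, meta key and capability name are assumptions made for the example.

```php
<?php
// Added example, not the plugin's code. Assumed names: post type 'example_booking',
// meta key '_example_customer_id', capability 'manage_example_bookings'.

// Handler shared by both variants: loads the booking and returns a few fields.
function example_get_booking( WP_REST_Request $request ) {
    $booking = get_post( (int) $request['id'] );
    if ( ! $booking || 'example_booking' !== $booking->post_type ) {
        return new WP_Error( 'not_found', 'Booking not found', array( 'status' => 404 ) );
    }
    return rest_ensure_response( array(
        'id'       => $booking->ID,
        'customer' => (int) get_post_meta( $booking->ID, '_example_customer_id', true ),
        'date'     => get_post_meta( $booking->ID, '_example_date', true ),
    ) );
}

// BEFORE: authentication only. Any customer account can request any booking id,
// which is the improper-authorization pattern described in this advisory.
function example_can_view_booking_weak( WP_REST_Request $request ) {
    return is_user_logged_in();
}

// AFTER: authorization is bound to the object. A customer may only read bookings
// whose stored customer id equals their own user id; staff holding the management
// capability may read any booking.
function example_can_view_booking_strict( WP_REST_Request $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_forbidden', 'Login required', array( 'status' => 401 ) );
    }
    if ( current_user_can( 'manage_example_bookings' ) ) {
        return true;
    }
    $owner = (int) get_post_meta( (int) $request['id'], '_example_customer_id', true );
    if ( $owner !== get_current_user_id() ) {
        // 404 rather than 403 so the endpoint does not confirm that the id exists.
        return new WP_Error( 'not_found', 'Booking not found', array( 'status' => 404 ) );
    }
    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'salon/v1', '/bookings/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_booking',
        'permission_callback' => 'example_can_view_booking_strict', // never the weak one
        'args'                => array( 'id' => array( 'validate_callback' => 'is_numeric' ) ),
    ) );
} );
```

The same ownership check belongs on every list endpoint as well: a `/bookings` collection route must filter by the current user's id rather than return all posts.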
🎯 Exploit Status
Exploitation requires a customer account but involves simple API calls to unauthorized endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.6.3
Vendor Advisory: https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Salon booking system' plugin.
4. Click 'Update Now' if available, or download version 7.6.3 or later from the WordPress plugin repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable endpoints via .htaccess
Restrict access to specific plugin API endpoints until patching is possible.
# Add to .htaccess in WordPress root directory
<FilesMatch "(booking|api)\.php$">
Order Deny,Allow
Deny from all
</FilesMatch>
Note that this rule only blocks direct requests to PHP files with those names. WordPress REST routes under /wp-json/ are rewritten to index.php, so a REST endpoint must be blocked by its request path (for example with a mod_rewrite rule or a web application firewall rule) rather than by file name. On Apache 2.4 without mod_access_compat, use `Require all denied` in place of the `Order`/`Deny` directives.
🧯 If You Can't Patch
- Disable the Salon booking system plugin entirely until patching is possible
- Implement web application firewall rules to block suspicious API requests to booking endpoints
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for Salon booking system version. If version is below 7.6.3, it's vulnerable.
Check Version:
wp plugin list --fields=name,version,update_version | grep -i salon
(The `--name=` filter of `wp plugin list` matches the plugin slug, i.e. its directory name, not the display title, so grepping the listing avoids having to know the exact slug.)
Verify Fix Applied:
After updating, verify plugin version shows 7.6.3 or higher in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual API requests to /wp-json/salon/v1/ endpoints from customer accounts
- Multiple failed authorization attempts on booking endpoints
Network Indicators:
- HTTP requests to booking API endpoints that reference a customer or booking ID belonging to a user other than the authenticated one
SIEM Query (illustrative; field names depend on your log source):
source="wordpress.log" AND (uri_path="/wp-json/salon/v1/bookings" OR uri_path="/wp-json/salon/v1/customers")
Narrow this to non-staff sessions using the authenticated user's role if your logs record it; a user-agent filter such as `user_agent NOT LIKE "%admin%"` does not distinguish administrator sessions from customer sessions.