📦 Salon Booking System

This vulnerability allows unauthenticated attackers to upload arbitrary files to WordPress sites using the Salon booking system plugin. It affects all versions up to 10.2 due to missing file type vali...

This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress sites using the Salon booking system plugin. Attackers can delete critical files like wp-config.php, potentia...

The Salon booking system WordPress plugins (Free and Pro) before version 7.6.3 have improper authorization in some API endpoints. This allows customers to access all bookings and other customers' pers...

A missing authorization vulnerability in the Dimitri Grassi Salon booking system WordPress plugin allows attackers to bypass access controls and perform unauthorized actions. This affects all versions...

The Salon booking system WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or higher to modify plugin settings and view other user...

This vulnerability allows attackers with editor-level access in WordPress to escalate their privileges to administrator level in the Salon Booking System plugin. It affects all WordPress sites running...