Description
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings.
Weaknesses
- — CWE-862 Missing Authorization
Affected products
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Salon Booking System | 0 to <10.30.20 |
References
- https://wpscan.com/vulnerability/ed203765-0482-4d55-b36f-cdab11ed3cf0/ (exploit vdb-entry technical-description)
Generated from the official CVE List on 01 Jul 2026 07:05 UTC.