Salonbookingsystem Salon Booking System — known CVE vulnerabilities
Every CVE whose affected-product data names Salonbookingsystem Salon Booking System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2024-30510 — CVSS 10.0 (critical): Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking…
CVE-2024-3229 — CVSS 9.8 (critical): The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2024-4442 — CVSS 9.1 (critical): The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is…
CVE-2024-37231 — CVSS 8.6 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system…
CVE-2024-39658 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking…
CVE-2022-0920 — CVSS 7.5 (high): The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could…
CVE-2025-31560 — CVSS 7.2 (high): Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation.This…
CVE-2023-48319 — CVSS 6.8 (medium): Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation.This issue affects…
CVE-2024-2603 — CVSS 6.3 (medium): The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2021-24429 — CVSS 6.1 (medium): The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an…
CVE-2022-43487 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an…
CVE-2024-2101 — CVSS 5.7 (medium): The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an…
CVE-2025-32220 — CVSS 5.4 (medium): Missing Authorization vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Exploiting Incorrectly Configured…
CVE-2023-3427 — CVSS 5.4 (medium): The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is…
CVE-2022-0919 — CVSS 5.3 (medium): The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any…
CVE-2024-9882 — CVSS 4.8 (medium): The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and…
CVE-2024-2439 — CVSS 4.8 (medium): The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-2102 — CVSS 4.7 (medium): The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix'…
CVE-2024-43280 — CVSS 4.7 (medium): URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon…
CVE-2024-47316 — CVSS 4.3 (medium): Authorization Bypass Through User-Controlled Key vulnerability in Dimitri Grassi Salon booking system salon-booking-system.This issue…
CVE-2024-4468 — CVSS 4.3 (medium): The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability…
CVE-2024-2429 — CVSS 4.3 (medium): The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow…