cleantalk
Vulnerabilities and Security Researches

Salon booking system, CVE-2025-8492

CVE, Research URL

CVE-2025-8492

Home page URL

Security reports for Salon booking system

Application

Salon booking system

Published on
Sep 11, 2025
Research Description
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticated attackers to execute AJAX actions, including limited file uploads.
Affected versions
max 10.24.
Status
vulnerable
Previous vulnerability researches
Breaking News WP (CVE-2026-4280) , Apr 24, 2026
Breaking News WP (CVE-2025-31750) , Apr 03, 2025
Breaking News WP (CVE-2025-31751) , Apr 03, 2025
New vulnerability
WordPress Adverts Plugin – Adverts Click Tracker (CVE-2025-57911) , Apr 24, 2026
NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images (CVE-2025-8778) , Apr 24, 2026
MailPoet – Newsletters, Email Marketing, and Automation , Apr 24, 2026
Better Find and Replace (CVE-2025-9334) , Apr 24, 2026
Better Find and Replace (CVE-2025-53466) , Apr 24, 2026