cleantalk
Vulnerabilities and Security Researches

Salon booking system, CVE-2025-8492

CVE, Research URL

CVE-2025-8492

Home page URL

Security reports for Salon booking system

Application

Salon booking system

Published on
Sep 11, 2025
Research Description
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticated attackers to execute AJAX actions, including limited file uploads.
Affected versions
max 10.24.
Status
vulnerable
Previous vulnerability researches
FV Simpler SEO (CVE-2025-68579) , Jan 10, 2026
New vulnerability
Welcart e-Commerce (CVE-2025-9367) , Apr 24, 2026
Checkout Files Upload for WooCommerce (CVE-2025-4212) , Apr 24, 2026
WordPress Adverts Plugin – Adverts Click Tracker (CVE-2025-57911) , Apr 24, 2026
NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images (CVE-2025-8778) , Apr 24, 2026
MailPoet – Newsletters, Email Marketing, and Automation , Apr 24, 2026