cleantalk
Vulnerabilities and Security Researches

Salon booking system, CVE-2021-24429

CVE, Research URL

CVE-2021-24429

Home page URL

Security reports for Salon booking system

Application

Salon booking system

Published on
Jul 13, 2021
Research Description
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.
Affected versions
Min -, max 6.3.1.
Status
vulnerable
Previous vulnerability researches
Salon booking system (CVE-2025-31560) , Apr 04, 2025
Salon booking system (CVE-2024-37231) , Jun 25, 2024
Salon booking system (CVE-2022-4974) , Nov 15, 2024
Salon booking system (CVE-2024-9882) , Nov 17, 2024
Salon booking system (CVE-2024-4468) , Jun 10, 2024
New vulnerability
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) (CVE-2025-32221) , Apr 11, 2025
Tutor LMS – eLearning and online course solution (CVE-2025-32230) , Apr 11, 2025
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-2541) , Apr 11, 2025
WP-Easy Menu (CVE-2025-32477) , Apr 11, 2025
User Registration Using Contact Form 7 (CVE-2025-32679) , Apr 11, 2025