cleantalk
Vulnerabilities and Security Researches

Salon booking system, CVE-2024-4468

CVE, Research URL

CVE-2024-4468

Home page URL

Security reports for Salon booking system

Application

Salon booking system

Published on
Jun 08, 2024
Research Description
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users.
Affected versions
Min -, max 10.0.
Status
vulnerable
Previous vulnerability researches
Salon booking system (CVE-2025-31560) , Apr 04, 2025
Salon booking system (CVE-2024-37231) , Jun 25, 2024
Salon booking system (CVE-2022-4974) , Nov 15, 2024
Salon booking system (CVE-2024-9882) , Nov 17, 2024
Salon booking system (CVE-2024-4468) , Jun 10, 2024
New vulnerability
EazyDocs – Most Powerful Knowledge base, wiki, Documentation Builder Plugin (easy docs, knowledgebase) (CVE-2025-32221) , Apr 11, 2025
Tutor LMS – eLearning and online course solution (CVE-2025-32230) , Apr 11, 2025
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-2541) , Apr 11, 2025
WP-Easy Menu (CVE-2025-32477) , Apr 11, 2025
User Registration Using Contact Form 7 (CVE-2025-32679) , Apr 11, 2025