cleantalk
Vulnerabilities and Security Researches

Salon booking system, CVE-2024-9882

CVE, Research URL

CVE-2024-9882

Home page URL

Security reports for Salon booking system

Application

Salon booking system

Published on
May 16, 2025
Research Description
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 10.9.4.
Status
vulnerable
Previous vulnerability researches
Salon booking system (CVE-2025-31560) , Apr 04, 2025
Salon booking system (CVE-2024-37231) , Jun 25, 2024
Salon booking system (CVE-2022-4974) , Nov 15, 2024
Salon booking system (CVE-2024-9882) , Nov 17, 2024
Salon booking system (CVE-2024-4468) , Jun 10, 2024
New vulnerability
WP LOL Rotation (CVE-2025-49437) , Aug 02, 2025
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor T (CVE-2025-6228) , Aug 02, 2025
Advanced Google Universal Analytics (CVE-2025-28962) , Aug 02, 2025
StreamWeasels Twitch Integration (CVE-2025-7809) , Aug 02, 2025
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2025-49033) , Aug 02, 2025