Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Salon booking system — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in Salon booking system, with AI-generated Chinese analysis, references, and POCs.

This page serves as a comprehensive aggregation resource for vulnerabilities affecting the Salon booking system, categorized by weakness type and associated vendor advisories. It compiles a detailed collection of security flaws, including but not limited to injection flaws, broken access control, and cross-site scripting issues, covering incidents reported from January 2018 through December 2023. By consolidating data from various sources, this repository ensures a historical perspective on how this specific product category has evolved in response to emerging threats. Readers can utilize this interface to track a vendor’s security advisories over time, providing insight into their patching velocity and disclosure practices. Additionally, users can delve into specific weakness classes to understand the underlying technical causes and common mitigation strategies relevant to salon management software. The page also allows for an in-depth look at a product’s vulnerability history, enabling security professionals to assess risk trends and identify recurring patterns in code quality or configuration errors. This structured approach helps organizations evaluating such systems to make informed decisions about their procurement and security posture. The data is organized to facilitate easy comparison across different versions and providers, highlighting which entities have demonstrated stronger commitment to transparency and remediation. Ultimately, this resource aims to enhance the overall security knowledge base for the hospitality and beauty industry technology sector by providing clear, actionable intelligence on known defects.

Vendor: Salon Booking System

CVE IDTitleCVSSSeverityPublished
CVE-2026-11887 Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass --2026-07-01
CVE-2026-40768 WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability CWE-639 7.3 High2026-06-17
CVE-2026-42666 WordPress Salon booking system plugin <= 10.30.25 - Broken Access Control vulnerability CWE-862 7.5 High2026-06-15
CVE-2025-67954 WordPress Salon booking system plugin <= 10.30.3 - Sensitive Data Exposure vulnerability CWE-497 6.5 Medium2026-01-22
CVE-2025-66531 WordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2025-12-09
CVE-2025-47583 WordPress Salon booking system plugin <= 10.16 - CSRF to Arbitrary Content Deletion vulnerability CWE-352 5.4 Medium2025-05-19
CVE-2025-32220 WordPress Salon booking system plugin <= 10.30.23 - Broken Access Control vulnerability CWE-862 5.4 Medium2025-04-04
CVE-2025-31560 WordPress Salon booking system plugin < 10.15 - Privilege Escalation vulnerability CWE-266 7.2 High2025-04-01
CVE-2024-47316 WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability CWE-639 4.3 Medium2024-10-05
CVE-2024-39658 WordPress Salon Booking System plugin <= 10.7 - Authenticated SQL Injection vulnerability CWE-89 7.6 High2024-08-29
CVE-2024-43280 WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability CWE-601 4.7 Medium2024-08-19
CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability CWE-22 8.6 High2024-06-24
CVE-2023-48319 WordPress Salon booking system plugin < 8.7 - Editor+ Privilege Escalation vulnerability CWE-269 6.8 Medium2024-05-17
CVE-2024-2603 Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings 4.8AIMediumAI2024-04-26
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF 4.3AIMediumAI2024-04-26
CVE-2024-2439 Salon booking system <= 9.6.5 - Editor+ Stored XSS 4.8AIMediumAI2024-04-26
CVE-2024-2102 Salon booking system < 9.6.3 - Unauthenticated Stored XSS 5.4AIMediumAI2024-04-17
CVE-2024-2101 WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) 5.4AIMediumAI2024-04-17
CVE-2024-30510 WordPress Salon booking system plugin <= 9.5 - Arbitrary File Upload vulnerability CWE-434 10.0 Critical2024-03-29
CVE-2022-43487 WordPress plugin Salon booking system 跨站脚本漏洞 6.1 -2022-12-05
CVE-2022-0920 Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure CWE-863 7.5 -2022-04-11
CVE-2022-0919 Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure CWE-862 5.3 -2022-04-11
CVE-2021-24429 Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS) CWE-79 5.4 -2021-07-12

All 23 known CVE vulnerabilities affecting Salon booking system with full Chinese analysis, references, and POCs where available.