Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
PR:L confirmed by subscriber-level requirement; I:L reflects settings modification only; C:N and A:N because no data exposure or denial of service occurs.
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings.
AnalysisAI
Missing authorization on an AJAX endpoint in the Salon Booking System WordPress plugin (all versions before 10.30.20) allows any authenticated subscriber-level user to modify plugin settings and disable the manual approval workflow for new bookings. A publicly available proof-of-concept exists per WPScan's disclosure, making exploitation straightforward for any registered user on affected sites. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WordPress authenticated session at subscriber privilege level or higher - the CVSS PR:L metric confirms this. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) accurately reflects a medium-severity integrity-only flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers a free subscriber account on a target WordPress site running Salon Booking System before 10.30.20 - a trivial step on any site with open registration. They then send a crafted POST request to wp-admin/admin-ajax.php invoking the vulnerable AJAX action with parameters that disable the manual booking approval setting. … |
| Remediation | Vendor-released patch: 10.30.20. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Salon Booking System
View allThe Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and includ
The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its end
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could a
Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.5. Rated crit
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when b
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field wh
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching boo
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Sal
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could a
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field an
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, wh
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40921
GHSA-q6pc-8fwh-45m2