Skip to main content

Salon Booking System CVE-2026-11887

| EUVDEUVD-2026-40921 MEDIUM
2026-07-01 WPScan GHSA-q6pc-8fwh-45m2
4.3
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
vuln.today AI
4.3 MEDIUM

PR:L confirmed by subscriber-level requirement; I:L reflects settings modification only; C:N and A:N because no data exposure or denial of service occurs.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (WPScan).

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jul 01, 2026 - 11:27 vuln.today
CVSS changed
Jul 01, 2026 - 11:22 NVD
4.3 (None) 4.3 (MEDIUM)
Patch available
Jul 01, 2026 - 08:01 EUVD
CVE Published
Jul 01, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)
CVE Published
Jul 01, 2026 - 06:00 cve.org
MEDIUM 4.3

DescriptionCVE.org

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings.

AnalysisAI

Missing authorization on an AJAX endpoint in the Salon Booking System WordPress plugin (all versions before 10.30.20) allows any authenticated subscriber-level user to modify plugin settings and disable the manual approval workflow for new bookings. A publicly available proof-of-concept exists per WPScan's disclosure, making exploitation straightforward for any registered user on affected sites. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Register subscriber account on target WordPress site
Delivery
Obtain valid session cookie
Exploit
Craft POST request to admin-ajax.php with vulnerable action
Execution
Invoke action without authorization check
Persist
Modify booking approval setting
Impact
New bookings auto-approved, bypassing manual review

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid WordPress authenticated session at subscriber privilege level or higher - the CVSS PR:L metric confirms this. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) accurately reflects a medium-severity integrity-only flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers a free subscriber account on a target WordPress site running Salon Booking System before 10.30.20 - a trivial step on any site with open registration. They then send a crafted POST request to wp-admin/admin-ajax.php invoking the vulnerable AJAX action with parameters that disable the manual booking approval setting. …
Remediation Vendor-released patch: 10.30.20. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-4442 CRITICAL
9.1 May 21

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and includ

CVE-2024-3229 CRITICAL
9.8 Jun 19

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validatio

CVE-2022-0920 HIGH POC
7.5 Apr 11

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its end

CVE-2024-2603 MEDIUM POC
6.3 Apr 26

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could a

CVE-2024-30510 CRITICAL
10.0 Mar 29

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.5. Rated crit

CVE-2021-24429 MEDIUM POC
6.1 Jul 12

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when b

CVE-2024-2101 MEDIUM POC
5.7 Apr 17

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field wh

CVE-2022-0919 MEDIUM POC
5.3 Apr 11

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching boo

CVE-2024-37231 CRITICAL
9.1 Jun 24

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Sal

CVE-2024-2439 MEDIUM POC
4.8 Apr 26

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could a

CVE-2024-2102 MEDIUM POC
4.7 Apr 17

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field an

CVE-2024-2429 MEDIUM POC
4.3 Apr 26

The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, wh

Share

CVE-2026-11887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy