WordPress Plugin Vulnerabilities

Salon booking system < 9.5.1 - Unauthenticated Arbitrary File Upload

Description

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_item_image() function in all versions up to, and including, 9.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
salon-booking-system
Fixed in 9.5.1

References

CVE
CVE-2024-30510
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/929fd4e6-9040-41cb-98f0-0cfdd80caf42

Miscellaneous

Original Researcher
stealthcopter
Verified
No
WPVDB ID
1d9f0880-1027-40d1-b8ca-435218361508

Timeline

Publicly Published
2024-03-28 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2025-06-12
Title
FW Food Menu <= 6.0.0 - Unauthenticated Arbitrary File Upload
Published
2014-08-01
Title
Deep-Blue 1.9.2 - Arbitrary File Upload
Published
2023-11-10
Title
Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload
Published
2016-09-26
Title
W3 Total Cache < 0.9.5 – Authenticated Arbitrary File Upload
Published
2024-10-14
Title
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Upload