WordPress Plugin Vulnerabilities

Salon booking system < 10.15 - Authenticated Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation. This makes it possible for authenticated attackers, with Custom-level access and above, to elevate their privileges.

Affects Plugins

Plugin icon
salon-booking-system
Fixed in 10.15

References

CVE
CVE-2025-31560
URL
https://patchstack.com/database/wordpress/plugin/salon-booking-system/vulnerability/wordpress-salon-booking-system-plugin-10-11-privilege-escalation-vulnerability

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
b755cd58-d5b2-43f6-b5be-f3155d7506fb

Timeline

Publicly Published
2025-04-01 (about 1 year ago)
Added
2025-04-08 (about 1 year ago)
Last Updated
2025-04-16 (about 1 year ago)

Other

Published
Title
Published
2024-09-17
Title
Webo-facto < 1.41 - Unauthenticated Privilege Escalation
Published
2026-01-19
Title
Advanced Custom Fields: Extended < 0.9.2.2 - Unauthenticated Privilege Escalation
Published
2025-04-17
Title
Quentn WP < 1.2.9 - Unauthenticated Privilege Escalation
Published
2025-08-15
Title
WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation
Published
2025-04-30
Title
SureTriggers < 1.0.83 - Unauthenticated Privilege Escalation