WordPress Plugin Vulnerabilities

Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The plugin does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.

Proof of Concept

Affects Plugins

Plugin icon
salon-booking-system
Fixed in 6.3.1

References

CVE
CVE-2021-24429
URL
https://plugins.trac.wordpress.org/changeset/2550306/salon-booking-system

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.6 (critical)

Miscellaneous

Original Researcher
Phu Tran from techlabcorp.com
Submitter
Phu Tran
Verified
Yes
WPVDB ID
e922b788-7da5-43b4-9b05-839c8610252a

Timeline

Publicly Published
2021-06-21 (about 4 years ago)
Added
2021-06-21 (about 4 years ago)
Last Updated
2021-06-25 (about 4 years ago)

Other

Published
Title
Published
2021-08-16
Title
SP Project & Document Manager < 4.26 - Reflected Cross-Site Scripting
Published
2024-02-28
Title
Premium Addons for Elementor < 4.10.22 - Contributor+ Stored XSS
Published
2023-12-21
Title
Uncode Core < 2.8.7 - Reflected Cross-Site Scripting
Published
2023-04-24
Title
PushAssist <= 3.0.8 - Reflected Cross-Site Scripting
Published
2025-06-13
Title
Slider, Gallery, and Carousel by MetaSlider < 3.99.0 - Contributor+ Stored XSS via aria-label Parameter