WordPress Plugin Vulnerabilities
Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass
Description
The plugin does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a plugin setting and bypass the manual approval of new bookings.
Proof of Concept
Affects Plugins
References
CVE
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
kevin(@OPCIA)
Submitter
kevin(@OPCIA)
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2026-06-10
Added
2026-06-10
Last Updated
2026-06-10