WordPress Plugin Vulnerabilities

Salon Booking System < 10.30.20 - Subscriber+ Booking Approval Bypass

Description

The plugin does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a plugin setting and bypass the manual approval of new bookings.

Proof of Concept

Affects Plugins

Fixed in 10.30.20

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
kevin(@OPCIA)
Submitter
kevin(@OPCIA)
Verified
Yes

Timeline

Publicly Published
2026-06-10
Added
2026-06-10
Last Updated
2026-06-10

Other