CVE-2022-0920

HIGH

Salon booking system Free and Pro < 7.6.3 - Unauthenticated Incorrect Authorization

Title source: llm

Description

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data.

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0

Scores

CVSS v3 7.5
EPSS 0.0140
EPSS Percentile 69.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-863
Status published
Products (1)
salonbookingsystem/salon_booking_system < 7.6.3
Published Apr 11, 2022
Tracked Since Feb 18, 2026