Unprotected CSRF Vulnerability in Salon Booking System Plugin

CVE-2024-2429

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: Salon Booking System
Vendor: CVE Published:; 26 April 2024

Summary

The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affected Version(s)

Salon booking system <= 9.6.5

Timeline

Vulnerability published.
Apr 26, 2024

Collectors

NVD DatabaseMitre Database

Credit

Bob Matyas

WPScan