Unprotected CSRF Vulnerability in Salon Booking System Plugin
CVE-2024-2429

Currently unrated

Key Information:

Vendor
WordPress
CVE Published:
26 April 2024

Badges

👾 Exploit Exists 🟡 Public PoC

Summary

The Salon Booking System WordPress plugin, through version 9.6.5, lacks a Cross-Site Request Forgery (CSRF) check when updating its settings. Because the settings handler does not verify that the request was intentionally submitted by the administrator, an attacker could abuse a logged-in administrator's session to change important settings without that administrator's intent, potentially leading to unauthorized actions on the website. Site administrators should update the plugin to a fixed version to stay protected against this CSRF issue.
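To make the missing check concrete, here is an added illustration of the two patterns involved; it is not code from the Salon Booking System plugin, and the option name, action slug and function names (`sb_demo_*`) are assumptions. The first handler relies on a capability check alone, which is exactly the gap a CSRF attack exploits; the second binds the form to a WordPress nonce and verifies it with `check_admin_referer()` before touching any option.

```php
<?php
// Added illustration, not the Salon Booking System plugin's code.
// Option name, action slug and sb_demo_* function names are assumptions.

// --- Vulnerable pattern: any POST arriving on an admin's session is trusted ---
function sb_demo_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // A capability check only proves WHO is logged in, not that this admin
    // intended to submit the request: a form on another site can trigger it.
    $email = sanitize_email( wp_unslash( $_POST['notification_email'] ?? '' ) );
    update_option( 'sb_demo_notification_email', $email );
}

// --- Hardened pattern: embed a nonce in the form and verify it on submit ---
function sb_demo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="sb_demo_save_settings">
        <?php wp_nonce_field( 'sb_demo_save_settings', 'sb_demo_nonce' ); ?>
        <input type="email" name="notification_email"
               value="<?php echo esc_attr( get_option( 'sb_demo_notification_email', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function sb_demo_save_settings_hardened() {
    // Dies with a 403 unless the request carries a valid nonce that was
    // generated for this action and this user (nonces expire after 24 hours).
    check_admin_referer( 'sb_demo_save_settings', 'sb_demo_nonce' );

    // Keep the capability check as well: the nonce proves intent, the
    // capability proves authorization; both are needed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }

    $email = sanitize_email( wp_unslash( $_POST['notification_email'] ?? '' ) );
    update_option( 'sb_demo_notification_email', $email );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_sb_demo_save_settings', 'sb_demo_save_settings_hardened' );
```

When reviewing a plugin for this class of bug, look for every code path that calls `update_option()` (or otherwise writes state) on a POST and confirm it is preceded by `check_admin_referer()` or `wp_verify_nonce()`; handlers registered on `admin_post_*`, `admin_init` or `wp_ajax_*` hooks without such a check are the usual culprits.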

Affected Version(s)

Salon booking system 0 <= 9.6.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published

Credit

Bob Matyas
WPScan