Salon Booking System Plugin Vulnerable to Stored Cross-Site Scripting Attacks
CVE-2024-2439

Currently unrated

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
26 April 2024

What is CVE-2024-2439?

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

References

Timeline

  • Vulnerability published

.
CVE-2024-2439 : Salon Booking System Plugin Vulnerable to Stored Cross-Site Scripting Attacks