CVE-2022-0919: Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
First published: Mon Apr 11 2022(Updated: )
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Salon Booking System WordPress Plugin | <7.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-0919?
CVE-2022-0919 has a severity rating that reflects its critical impact on user privacy and security due to unauthorized access to sensitive booking information.
How do I fix CVE-2022-0919?
To fix CVE-2022-0919, update the Salon Booking System WordPress plugin to version 7.6.3 or later.
What type of attack is possible due to CVE-2022-0919?
CVE-2022-0919 allows unauthorized users to search for and access sensitive booking information, which can lead to privacy breaches.
Who is affected by CVE-2022-0919?
Users of the Salon Booking System WordPress plugin versions prior to 7.6.3 are affected by CVE-2022-0919.
What information can be accessed due to CVE-2022-0919?
CVE-2022-0919 allows access to sensitive booking details such as the full name and email of users without proper authentication.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/salonbookingsystem
- canonical/salon booking system wordpress plugin