CVE-2022-0920: Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
First published: Mon Apr 11 2022(Updated: )
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Salon Booking System WordPress Plugin | <7.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-0920?
CVE-2022-0920 is considered a high severity vulnerability due to improper authorization in the Salon Booking System plugins.
How do I fix CVE-2022-0920?
To fix CVE-2022-0920, you should update the Salon Booking System plugin to version 7.6.3 or later.
What are the potential risks of CVE-2022-0920?
The risks of CVE-2022-0920 include unauthorized access to customer bookings and sensitive data.
Which versions of the Salon Booking System are affected by CVE-2022-0920?
CVE-2022-0920 affects versions of the Salon Booking System plugin prior to 7.6.3.
Is there a workaround for CVE-2022-0920?
While the best solution is to update the plugin, temporarily disabling user access to booking data can serve as a workaround until updates are applied.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/source
- vendor/salonbookingsystem
- canonical/salon booking system wordpress plugin