Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Salon Booking System Pro by Unknown

    CVE-2022-0920 (GCVE-0-2022-0920)

    Vulnerability from nvd – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
    Summary
    The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data
    Severity
    No CVSS data available.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Salon booking system Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Unknown Salon Booking System Pro Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Credits
    Huli from Cymetrics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Salon booking system",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Salon Booking System Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Huli from Cymetrics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer\u0027s data"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-11T14:40:58.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Salon booking system \u003c 7.6.3 - Customer+ Bookings/Customers Data Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-0920",
              "STATE": "PUBLIC",
              "TITLE": "Salon booking system \u003c 7.6.3 - Customer+ Bookings/Customers Data Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Salon booking system",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Salon Booking System Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Huli from Cymetrics"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer\u0027s data"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-0920",
        "datePublished": "2022-04-11T14:40:58.000Z",
        "dateReserved": "2022-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0919 (GCVE-0-2022-0919)

    Vulnerability from nvd – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
    Summary
    The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Salon booking system Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Unknown Salon Booking System Pro Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Credits
    Huli from Cymetrics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Salon booking system",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Salon Booking System Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Huli from Cymetrics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other\u0027s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-11T14:40:56.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Salon booking system \u003c 7.6.3 - Unauthenticated Sensitive Data Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-0919",
              "STATE": "PUBLIC",
              "TITLE": "Salon booking system \u003c 7.6.3 - Unauthenticated Sensitive Data Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Salon booking system",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Salon Booking System Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Huli from Cymetrics"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other\u0027s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-0919",
        "datePublished": "2022-04-11T14:40:56.000Z",
        "dateReserved": "2022-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0920 (GCVE-0-2022-0920)

    Vulnerability from cvelistv5 – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
    Summary
    The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data
    Severity
    No CVSS data available.
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Salon booking system Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Unknown Salon Booking System Pro Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Credits
    Huli from Cymetrics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.834Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Salon booking system",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Salon Booking System Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Huli from Cymetrics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer\u0027s data"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-11T14:40:58.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Salon booking system \u003c 7.6.3 - Customer+ Bookings/Customers Data Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-0920",
              "STATE": "PUBLIC",
              "TITLE": "Salon booking system \u003c 7.6.3 - Customer+ Bookings/Customers Data Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Salon booking system",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Salon Booking System Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Huli from Cymetrics"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer\u0027s data"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863 Incorrect Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/5a5ab7a8-be67-4f70-925c-9cb1eff2fbe0"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-0920",
        "datePublished": "2022-04-11T14:40:58.000Z",
        "dateReserved": "2022-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.834Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0919 (GCVE-0-2022-0919)

    Vulnerability from cvelistv5 – Published: 2022-04-11 14:40 – Updated: 2024-08-02 23:47
    VLAI
    Title
    Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
    Summary
    The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Unknown Salon booking system Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Unknown Salon Booking System Pro Affected: 7.6.3 , < 7.6.3 (custom)
    Create a notification for this product.
    Credits
    Huli from Cymetrics
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:47:42.636Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Salon booking system",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Salon Booking System Pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.3",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Huli from Cymetrics"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other\u0027s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-11T14:40:56.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Salon booking system \u003c 7.6.3 - Unauthenticated Sensitive Data Disclosure",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-0919",
              "STATE": "PUBLIC",
              "TITLE": "Salon booking system \u003c 7.6.3 - Unauthenticated Sensitive Data Disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Salon booking system",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Salon Booking System Pro",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.6.3",
                                "version_value": "7.6.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Huli from Cymetrics"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other\u0027s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862 Missing Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-0919",
        "datePublished": "2022-04-11T14:40:56.000Z",
        "dateReserved": "2022-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-02T23:47:42.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }