CVE-2026-11887
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing an
CVSS
4.3
Medio
EPSS
0.2%
p7
KEV
—
Exploit Today
2
0-100
Publicado: 1 jul 2026 · Última mod.: 1 jul 2026
0.1%EPSS · 30 días0.2%
2026-07-012026-07-17
The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings.
Sin CVEs relacionados por CWE o producto.