Lucene search
WPScanCVELIST:CVE-2022-0920HistoryApr 11, 2022 - 2:40 p.m.
CVE-2022-0920 Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
2022-04-1114:40:58
CWE-863
WPScan
www.cve.org
3
cve-2022-0920
salon booking system
wordpress plugins
authorisation
data disclosure
EPSS
0.002
Percentile
58.7%
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer’s data
CNA Affected
[
{
"product": "Salon booking system",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.6.3",
"status": "affected",
"version": "7.6.3",
"versionType": "custom"
}
]
},
{
"product": "Salon Booking System Pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.6.3",
"status": "affected",
"version": "7.6.3",
"versionType": "custom"
}
]
}
]Related
patchstack
patchstack
wpvulndb
wpvulndb
Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
2022-03-21 00:00:00
wpexploit
wpexploit
Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
2022-03-21 00:00:00
cve
cve
CVE-2022-0920
2022-04-11 15:15:08
prion
prion
Code injection
2022-04-11 15:15:00
nvd
nvd
CVE-2022-0920
2022-04-11 15:15:08