Which Salon Booking System – Free Version CVEs are tracked?

Salon Booking System – Free Version tracked CVEs include CVE-2024-30510, CVE-2024-3229, CVE-2024-39658, CVE-2024-4442, and CVE-2025-31560.

How many Salon Booking System – Free Version vulnerabilities have patch guidance?

26 of 26 tracked Salon Booking System – Free Version records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 26 known issues Latest disclosed Apr 21, 2026

Salon Booking System – Free Version Vulnerabilities

Review known vulnerability records for the WordPress plugin Salon Booking System – Free Version (`salon-booking-system`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-40768, CVE-2025-67954 and CVE-2025-66531, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Apr 30, 2026

Priority CVE Quick Links

Fast paths into Salon Booking System – Free Version CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-30510 Critical 9.5.1

CVE-2024-30510 Salon Booking System – Free Version Remote Code Execution

Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload

CVE-2024-3229 Critical 10.3

CVE-2024-3229 Salon Booking System – Free Version Remote Code Execution

Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload

CVE-2024-39658 Critical 10.8

CVE-2024-39658 Salon Booking System – Free Version SQL Injection

Salon booking system <= 10.7 - Authenticated (Administrator+) SQL Injection

CVE-2024-4442 Critical 10.0

CVE-2024-4442 Salon Booking System – Free Version Remote Code Execution

Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion

CVE-2025-31560 High 10.15

CVE-2025-31560 Salon Booking System – Free Version Privilege Escalation

Salon booking system <= 10.11 - Authenticated Privilege Escalation

CVE-2022-0920 High 7.6.3

CVE-2022-0920 Salon Booking System – Free Version Vulnerability

Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Information Disclosure

CVE-2024-2102 High 9.6.3

CVE-2024-2102 Salon Booking System – Free Version Stored Cross-Site Scripting

Salon booking system <= 9.6.2 - Unauthenticated Stored Cross-Site Scripting via 'sms_prefix'

CVE-2023-48319 High 8.7

CVE-2023-48319 Salon Booking System – Free Version Privilege Escalation

Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Salon Booking System – Free Version so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

26 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

4 critical and 4 high severity findings.

Recent CVEs

CVE-2026-40768, CVE-2025-67954 and CVE-2025-66531

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2026-40768 Medium Patch path listed

CVE-2026-40768: Salon Booking System – Free Version <= 10.30.24 - Unauthenticated Insecure Direct Object Reference

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.30.24 due to missing validation on a u...

Published

Apr 21, 2026

Patch Status

10.30.25

Open CVE-2026-40768 Report

CVE-2025-67954 Low Patch path listed

CVE-2025-67954: Salon booking system <= 10.30.3 - Authenticated (Subscriber+) Information Exposure

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.30.3. This makes it possible for authent...

Published

Jan 21, 2026

Patch Status

10.30.4

Open CVE-2025-67954 Report

CVE-2025-66531 Medium Patch path listed

CVE-2025-66531: Salon booking system <= 10.30.3 - Cross-Site Request Forgery

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.3. This is due to missing or incorrect no...

Published

Dec 07, 2025

Patch Status

10.30.4

Open CVE-2025-66531 Report

Known Vulnerabilities

Reports for Salon Booking System – Free Version

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-40768

CVE-2026-40768: Salon Booking System – Free Version <= 10.30.24 - Unauthenticated Insecure Direct Object Reference

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.30.24 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform unauth...

Published

Apr 21, 2026

Patched Release

10.30.25

Affected Versions

Versions up to 10.30.24

Next Step

Update to 10.30.25 or newer if supported.

Open CVE-2026-40768 Report Open CVE Reference

Plugin Low Patched: Yes CVE-2025-67954

CVE-2025-67954: Salon booking system <= 10.30.3 - Authenticated (Subscriber+) Information Exposure

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.30.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or con...

Published

Jan 21, 2026

Patched Release

10.30.4

Affected Versions

Versions up to 10.30.3

Next Step

Update to 10.30.4 or newer if supported.

Open CVE-2025-67954 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-66531

CVE-2025-66531: Salon booking system <= 10.30.3 - Cross-Site Request Forgery

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perf...

Published

Dec 07, 2025

Patched Release

10.30.4

Affected Versions

Versions up to 10.30.3

Next Step

Update to 10.30.4 or newer if supported.

Open CVE-2025-66531 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-8492

CVE-2025-8492: Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible...

Published

Sep 10, 2025

Patched Release

10.24

Affected Versions

Versions up to 10.22

Next Step

Update to 10.24 or newer if supported.

Open CVE-2025-8492 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-47583

CVE-2025-47583: Salon booking system <= 10.16 - Cross-Site Request Forgery to Arbitrary Post/Page Deletion

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.16. This is due to missing or incorrect nonce validation on a function. This makes it pos...

Published

May 15, 2025

Patched Release

10.17

Affected Versions

Versions up to 10.16

Next Step

Update to 10.17 or newer if supported.

Open CVE-2025-47583 Report Open CVE Reference

Plugin Medium Patched: No CVE-2025-32220

CVE-2025-32220: Salon booking system <= 10.29.6 - Missing Authorization

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 10.29.6. This makes it possible for authenticated a...

Published

Apr 04, 2025

Patched Release

Not published

Affected Versions

Versions up to 10.29.6

Next Step

Open the full report for remediation notes and references.

Open CVE-2025-32220 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-31560

CVE-2025-31560: Salon booking system <= 10.11 - Authenticated Privilege Escalation

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 10.11. This makes it possible for authenticated attackers, with Custom-level access and above, to...

Published

Apr 01, 2025

Patched Release

10.15

Affected Versions

Versions up to 10.11

Next Step

Update to 10.15 or newer if supported.

Open CVE-2025-31560 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-47316

CVE-2024-47316: Salon booking system <= 10.9 - Authenticated (Subscriber+) Insecure Direct Object Reference

The Salon Booking System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 10.9 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and abov...

Published

Sep 25, 2024

Patched Release

10.9.1

Affected Versions

Versions up to 10.9

Next Step

Update to 10.9.1 or newer if supported.

Open CVE-2024-47316 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-9882

CVE-2024-9882: Salon Booking System <= 10.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Salon Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administ...

Published

Sep 13, 2024

Patched Release

10.9.4

Affected Versions

Versions up to 10.9.3

Next Step

Update to 10.9.4 or newer if supported.

Open CVE-2024-9882 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-43280

CVE-2024-43280: Salon booking system <= 10.8.1 - Unauthenticated Open Redirect

The Salon Booking System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 10.8.1. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially ma...

Published

Aug 16, 2024

Patched Release

10.9

Affected Versions

Versions up to 10.8.1

Next Step

Update to 10.9 or newer if supported.

Open CVE-2024-43280 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-39658

CVE-2024-39658: Salon booking system <= 10.7 - Authenticated (Administrator+) SQL Injection

The Salon booking system plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in versions up to, and including, 10.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it po...

Published

Aug 01, 2024

Patched Release

10.8

Affected Versions

Versions up to 10.7

Next Step

Update to 10.8 or newer if supported.

Open CVE-2024-39658 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-3229

CVE-2024-3229: Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload

The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the SLN_Action_Ajax_ImportAssistants function along with missing authorization checks in all versions up to, and including, 10.2. This makes it possible fo...

Published

Jun 18, 2024

Patched Release

10.3

Affected Versions

Versions up to 10.2

Next Step

Update to 10.3 or newer if supported.

Open CVE-2024-3229 Report Open CVE Reference