CVE-2022-0919

CVE-2022-0919: Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure

Vendor Unknown
Product Salon booking system
Weakness CWE-862 · Missing authorization
Published April 11, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.

Key dates

02Disclosure timeline

April 11, 2022 CVE published
August 2, 2024 Record updated