CVE-2024-4468

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

he Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users.

References

Link	Resource
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231	Product
https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php	Patch
https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve	Third Party Advisory
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16	Product
https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231	Product
https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php	Patch
https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 09:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 4.3
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10 - Product~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16 - Product~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7 - Product~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12 - Product~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16 - Product~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231 - Product~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231 - Product
References	~~() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php - Patch~~	() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php - Patch
References	~~() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php - Patch~~	() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve - Third Party Advisory~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve - Third Party Advisory

31 Oct 2024, 18:40

Type	Values Removed	Values Added
CWE		CWE-862
First Time		Salonbookingsystem salon Booking System Salonbookingsystem
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 5.4
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10 -~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16 -~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7 -~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12 -~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16 -~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16 - Product
References	~~() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231 -~~	() https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231 - Product
References	~~() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php -~~	() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php - Patch
References	~~() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php -~~	() https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve - Third Party Advisory
CPE		cpe:2.3:a:salonbookingsystem:salon_booking_system::::::wordpress::*

10 Jun 2024, 02:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-08 08:15

Updated : 2024-11-21 09:42

NVD link : CVE-2024-4468

Mitre link : CVE-2024-4468

CVE.ORG link : CVE-2024-4468

JSON object : View

Products Affected

salonbookingsystem

salon_booking_system

CWE

CWE-862

Missing Authorization

4.3 /10