CVE-2022-0919

Name of the Vulnerable Software and Affected Versions The Salon booking system Free and pro WordPress plugins versions prior to 7.6.3

Description The issue allows unauthenticated users to search other's bookings and retrieve sensitive information, including full name, email, and phone number of the person who booked it, due to improper authorization when searching bookings.

Recommendations For versions prior to 7.6.3, update to version 7.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the booking search functionality until the update is applied.