PT-2024-31208 · WordPress · Salon Booking System

Joan Clarke · Published 2024-06-08 · Updated 2024-10-31 · CVE-2024-4468

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Salon Booking System plugin for WordPress, versions up to and including 9.9.

Description: The issue allows unauthorized access to and modification of data because several functions hooked into `admin_init` lack a capability check. Since `admin_init` fires for any authenticated user who reaches the admin area, this makes it possible for authenticated attackers with Subscriber-level access or higher to modify plugin settings and view discount codes intended for other users.

Recommendations: For versions up to and including 9.9, upgrade to a version higher than 9.9 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings and discount codes to minimize the risk of exploitation.
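The pattern behind this class of bug, shown as an added illustration rather than code from the Salon Booking System plugin: a settings handler hooked into `admin_init` without a capability check, followed by the hardened form. Function, option and nonce names (`hyp_*`) are hypothetical.

```php
<?php
// Added example, not the plugin's own code. Names prefixed hyp_ are hypothetical.

// Vulnerable pattern: admin_init runs for every logged-in user who reaches
// wp-admin (including Subscribers) and also on admin-ajax.php requests.
// Being inside an admin_init callback therefore proves nothing about what
// the caller is allowed to do, so this writes settings for any account.
function hyp_save_settings_vulnerable() {
    if ( isset( $_POST['hyp_setting'] ) ) {
        update_option( 'hyp_setting', sanitize_text_field( wp_unslash( $_POST['hyp_setting'] ) ) );
    }
}
// add_action( 'admin_init', 'hyp_save_settings_vulnerable' ); // what the fix replaces

// Hardened form: verify capability and request origin before touching state.
function hyp_save_settings_fixed() {
    if ( ! isset( $_POST['hyp_setting'] ) ) {
        return;
    }
    // Capability check: only users allowed to manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'hyp' ), '', array( 'response' => 403 ) );
    }
    // CSRF check: the request must carry a nonce issued for this exact action.
    check_admin_referer( 'hyp_save_settings', 'hyp_nonce' );
    update_option( 'hyp_setting', sanitize_text_field( wp_unslash( $_POST['hyp_setting'] ) ) );
}
add_action( 'admin_init', 'hyp_save_settings_fixed' );

// The same rule applies to read paths: data meant for administrators
// (e.g. a list of discount codes) must be gated by capability too, not
// merely by the fact that the request arrived through an admin hook.
function hyp_get_discount_codes_for_admin() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient permissions.', array( 'status' => 403 ) );
    }
    return get_option( 'hyp_discount_codes', array() );
}
```

When auditing a plugin for this weakness, list every `add_action( 'admin_init', ... )` and `wp_ajax_*` registration and confirm each callback that reads or writes privileged data starts with a `current_user_can()` check appropriate to that data.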

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-4468

Affected Products: Salon Booking System