cvedb.io
CVE-2026-11887
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2026-07-01T07:16:22.667 · Last modified 2026-07-01T18:22:46.440

Summary

The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actions, allowing any authenticated user, such as a subscriber, to modify a Salon Booking System WordPress plugin before 10.30.20 setting and bypass the manual approval of new bookings.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.