Description
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email attachments. This makes it possible for unauthenticated attackers to read arbitrary local files and exfiltrate them via booking confirmation email attachments.
Published: 2026-05-02
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Salon Booking System – Free Version plugin for WordPress is vulnerable to an arbitrary file read flaw that arises from the public booking flow admitting user‑controlled file‑field values, which are later treated as trusted paths for email attachments. This design flaw allows path traversal, supplying a likely attack vector that exploits the publicly accessible booking endpoint without authentication, enabling an attacker to read any file on the server and exfiltrate it via booking confirmation email attachments.

Affected Systems

The flaw affects WordPress sites running the Salon Booking System – Free Version plugin with versions 10.30.25 and earlier. No specific manufacturer beyond the WordPress plugin is indicated beyond the vendor/brand name used by the CNA.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium‑high severity, reflecting the ability to read sensitive files. No EPSS score is available, so the current exploitation probability cannot be quantified. The vulnerability is not yet listed in CISA’s KEV catalog, suggesting no known public exploits, though the flaw permits unauthenticated compromise and data exfiltration. Attackers would likely exploit the public booking flow to supply a path‑traversal string, trigger the email attachment generation, and receive the file contents via the resulting email.

Generated by OpenCVE AI on May 2, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Salon Booking System – Free Version plugin to the latest available release (10.30.26 or newer), which removes the vulnerable file‑path handling.
  • Disable the booking functionality temporarily or restrict its usage to authenticated users while awaiting the plugin update.
  • Sanitize the file attachment field server‑side, ensuring paths are confined within a whitelisted directory to prevent traversal attacks.
  • Change the permissions of the booking attachment directory to restrict read/write access to only the necessary application processes, blocking arbitrary file reads by the web server.

Generated by OpenCVE AI on May 2, 2026 at 12:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Wordpresschef
Wordpresschef salon Booking System Free
Vendors & Products Wordpress
Wordpress wordpress
Wordpresschef
Wordpresschef salon Booking System Free

Mon, 04 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 02 May 2026 11:45:00 +0000

Type Values Removed Values Added
Description The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email attachments. This makes it possible for unauthenticated attackers to read arbitrary local files and exfiltrate them via booking confirmation email attachments.
Title Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Wordpress Wordpress
Wordpresschef Salon Booking System Free
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-05-04T15:37:04.821Z

Reserved: 2026-04-14T20:18:15.555Z

Link: CVE-2026-6320

cve-icon Vulnrichment

Updated: 2026-05-04T15:36:47.000Z

cve-icon NVD

Status : Deferred

Published: 2026-05-02T12:16:16.750

Modified: 2026-05-05T19:15:34.330

Link: CVE-2026-6320

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:44:26Z

Weaknesses