A critical vulnerability has been discovered in the Salon Booking System WordPress plugin, designated as CVE-2024-30510. This flaw allows for the unrestricted upload of files with dangerous types, impacting versions up to 9.5 of the plugin. Discovered by stealthcopter, the vulnerability permits malicious actors to upload various file types to a website, potentially leading to the execution of backdoors for further unauthorized access.
The vulnerability is fixed in version 9.5.1 of the Salon Booking System plugin, which mitigates the risk of arbitrary file uploads. The fix was reported and published by Patchstack, whose users are alerted and provided with protections up to 48 hours in advance. To protect a site from exploitation, update the Salon Booking System plugin promptly to version 9.5.1 or higher.
Because it allows unauthorized file uploads, this vulnerability poses a significant security risk to websites that use the Salon Booking System plugin. Applying the fix in version 9.5.1 removes this exposure. Proactive measures such as regular plugin updates and security monitoring also help prevent similar vulnerabilities from being exploited in the future.
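As an added example (not code from Patchstack or the plugin authors), the script below checks an installed copy against the 9.5.1 fix and lists server-executable files in an uploads directory, the kind of monitoring mentioned above. It assumes the standard WordPress plugin header with a `Version:` line; the extension list and both paths are assumptions to adapt to your host.

```python
import re
import sys
from pathlib import Path

FIXED = (9, 5, 1)  # first patched release named in the advisory
# Assumption: extensions a PHP-enabled web server may execute; adjust per host.
EXEC_EXTS = {".php", ".php5", ".php7", ".phtml", ".pht", ".phar"}

def parse_version(header_text):
    """Read 'Version: x.y.z' from a WordPress plugin header comment."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", header_text, re.I | re.M)
    if m is None:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so 9.5 compares as 9.5.0

def is_vulnerable(header_text):
    """True when the installed version predates the 9.5.1 fix."""
    version = parse_version(header_text)
    if version is None:
        raise ValueError("no Version: line found in plugin header")
    return version < FIXED

def executable_uploads(root):
    """List files under root with a server-executable suffix anywhere in the
    name, so 'avatar.php.jpg' is reported as well as 'shell.PHP'."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and EXEC_EXTS & {s.lower() for s in path.suffixes}:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)

# Constructed sample header, used when no plugin file is given.
SAMPLE_HEADER = """<?php
/*
Plugin Name: Salon Booking System
Version: 9.5
*/
"""

if __name__ == "__main__":
    # Usage: check.py <plugin main file> <uploads directory>  (paths are yours)
    header = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_HEADER
    print("vulnerable to CVE-2024-30510:", is_vulnerable(header))
    if len(sys.argv) > 2:
        for hit in executable_uploads(sys.argv[2]):
            print("executable file in uploads:", hit)
```

A hit in the uploads directory is a lead to investigate, not proof of compromise; compare file timestamps with the period the site ran a version below 9.5.1.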