Medium severity5.3NVD Advisory· Published Sep 11, 2025· Updated Apr 15, 2026

CVE-2025-8492

Description

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticated attackers to execute AJAX actions, including limited file uploads.

Affected products

Salonbookingsystem/Salon Booking Systemllm-fuzzy
Range: <=10.22

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/browser/salon-booking-system/tags/10.20/src/SLN/Plugin.phpnvd
plugins.trac.wordpress.org/changeset/3360651/salon-booking-system/trunk/src/SLN/Action/Ajax/UploadFile.phpnvd
www.wordfence.com/threat-intel/vulnerabilities/id/9a63a4ec-80e6-48cc-a778-97fa3917817envd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000