https://www.pluginvulnerabilities.com/2017/06/27/cross-site-request-forgery-csrfsettings-change-vulnerability-in-salon-booking-system/

Recently, while looking into something else, we noticed that the plugin Salon booking system has a cross-site request forgery (CSRF) vulnerability in its code to save the plugin’s settings, which could be used to change the PayPal account that payments through the plugin are sent to.

The issue is due to the code that handles saving changes to the settings failing check to
