Known Vulnerabilities for Spa And Salon by Rara Theme
Listed below are 10 of the newest known vulnerabilities associated with "Spa And Salon" by "Rara Theme".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42666 json | Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions. | Not Provided | 2026-06-15 | 2026-06-15 |
| CVE-2026-40768 json | Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions. | Not Provided | 2026-06-17 | 2026-06-17 |
| CVE-2026-25334 json | Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privil... | Not Provided | 2026-03-25 | 2026-04-24 |
| CVE-2026-15070 json | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-11887 json | The Salon Booking System WordPress plugin before 10.30.20 does not have proper authorisation checks on one of its AJAX actio... | Not Provided | 2026-07-01 | 2026-07-01 |
| CVE-2026-6320 json | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and in... | Not Provided | 2026-05-02 | 2026-05-04 |
| CVE-2025-69154 json | Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions. | Not Provided | 2026-07-02 | 2026-07-02 |
| CVE-2025-66531 json | Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site... | Not Provided | 2025-12-09 | 2026-04-27 |
| CVE-2025-47583 json | Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site... | Not Provided | 2025-05-19 | 2026-04-23 |
| CVE-2025-32295 json | Missing Authorization vulnerability in wordpresschef Salon Booking Pro salon-booking-plugin-pro-cc allows Exploiting Incorrec... | Not Provided | 2025-05-16 | 2026-04-23 |