Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wordpresschef — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting wordpresschef. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WordPresschef primarily develops WordPress themes and plugins for website customization and functionality. Historically, vulnerabilities associated with this developer include multiple remote code execution (RCE) flaws, cross-site scripting (XSS) issues, and privilege escalation weaknesses, often stemming from insufficient input validation and improper access controls. Security characteristics include regular but inconsistent patching cycles, with notable incidents including CVE-2021-24364 and CVE-2021-24365, both allowing RCE through unauthenticated endpoints. The developer's products have been frequently exploited in mass attacks, particularly in supply chain compromises affecting thousands of websites. While newer versions show improved security practices, legacy vulnerabilities remain a concern for unpatched installations.

Top products by wordpresschef: Salon Booking System – Free Version Salon Booking Pro Salon Booking System Pro
CVE IDTitleCVSSSeverityPublished
CVE-2026-6320 Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal — Salon Booking System – Free VersionCWE-22 7.5 High2026-05-02
CVE-2026-25334 WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability — Salon Booking System ProCWE-266 8.1 High2026-03-25
CVE-2025-8492 Salon Booking System <= 10.22 - Missing Authorization to Unauthenticated AJAX Actions Execution — Salon Booking System – Free VersionCWE-862 5.3 Medium2025-09-11
CVE-2025-32295 WordPress Salon Booking Wordpress plugin <= 10.10.2 - Broken Access Control vulnerability — Salon Booking ProCWE-862 4.3 Medium2025-05-16
CVE-2024-3229 Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload — Salon Booking System – Free VersionCWE-434 9.8 Critical2024-06-19
CVE-2024-4468 Salon booking system <= 9.9 - Missing Authorization — Salon Booking System – Free VersionCWE-280 4.3 Medium2024-06-08
CVE-2024-4442 Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion — Salon Booking System – Free VersionCWE-22 9.1 Critical2024-05-21
CVE-2023-3427 Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer — Salon Booking System – Free VersionCWE-352 5.4 Medium2023-06-28

This page lists every published CVE security advisory associated with wordpresschef. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.