
77 matches found

Nuclei
added yesterday | 6 views

Service Finder Bookings - Authentication Bypass

Service Finder Bookings WordPress plugin <= 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...

CVSS 9.8 | AI score 6 | EPSS 0.61701
Exploits: 2 | References: 4
GithubExploit
added 5 days ago | 45 views

Exploit for CVE-2025-5947

CVE-2025-5947 CVE-2025-5947 WordPress Service Finder Bookings...

CVSS 9.8 | AI score 5.8 | EPSS 0.61701
Exploits: 2
RedhatCVE
added 2026/01/09 8:47 a.m. | 4 views

CVE-2025-23970

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through = 6.1...

CVSS 9.8 | AI score 5.9 | EPSS 0.00377
Exploits: 0 | References: 1
Patchstack
added 2025/12/31 12:00 a.m. | 4 views

WordPress Service Finder Bookings plugin <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password vulnerability

Authenticated Subscriber+ Privilege Escalation via change_candidate_password vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions <= 6.0...

CVSS 8.8 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/11/02 4:46 a.m. | 2 views

CVE-2025-5949

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

CVSS 8.8 | AI score 6.4 | EPSS 0.00063
Exploits: 0 | References: 1
CVE
added 2025/11/01 6:40 a.m. | 12 views

CVE-2025-6574

Summary (CVE-2025-6574): The WordPress plugin “Service Finder Bookings” is vulnerable to privilege escalation via account takeover in all versions before 6.1. The issue stems from improper user identity validation before updating account details (e.g., email), enabling authenticated users with su...

CVSS 8.8 | AI score 6.3 | EPSS 0.00063
Exploits: 0 | References: 2
Cvelist
added 2025/11/01 6:40 a.m. | 13 views

CVE-2025-6574 Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

CVSS 8.8 | EPSS 0.00063
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/01 6:40 a.m. | 3 views

CVE-2025-6574 Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...

CVSS 8.8 | AI score 6.3 | EPSS 0.00063
Exploits: 0 | References: 2
EUVD
added 2025/11/01 6:30 a.m. | 1 view

EUVD-2025-37415

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

CVSS 8.8 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 3
NVD
added 2025/11/01 5:16 a.m. | 2 views

CVE-2025-5949

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

CVSS 8.8 | EPSS 0.00063
Exploits: 0 | References: 2
CVE
added 2025/11/01 4:27 a.m. | 10 views

CVE-2025-5949

The Service Finder Bookings plugin for WordPress (

CVSS 8.8 | AI score 6 | EPSS 0.00063
Exploits: 0 | References: 2
Cvelist
added 2025/11/01 4:27 a.m. | 4 views

CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

CVSS 8.8 | EPSS 0.00063
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/01 4:27 a.m. | 1 view

CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...

CVSS 8.8 | AI score 5.4 | EPSS 0.00063
Exploits: 0 | References: 2
CNNVD
added 2025/11/01 12:00 a.m. | 3 views

WordPress plugin Service Finder Bookings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8 | AI score 6.7 | EPSS 0.00063
Exploits: 0 | References: 3
CNNVD
added 2025/11/01 12:00 a.m. | 3 views

WordPress plugin Service Finder Bookings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 8.8 | AI score 6.7 | EPSS 0.00063
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/01 12:00 a.m. | 2 views

PT-2025-44707

Name of the Vulnerable Software and Affected Versions Service Finder Bookings plugin for WordPress versions up to and including 6.0 Description The Service Finder Bookings plugin for WordPress is susceptible to privilege escalation, potentially leading to account takeover. This occurs because the...

CVSS 8.8 | AI score 6.4 | EPSS 0.00063
Exploits: 0 | References: 10
HackRead
added 2025/10/10 4:12 p.m. | 13 views

Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit

An Authentication Bypass CVE-2025-5947 in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately...

CVSS 9.8 | AI score 7.1 | EPSS 0.61701
Exploits: 2
The Hacker News
added 2025/10/09 6:57 a.m. | 13 views

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as...

CVSS 9.8 | AI score 7.5 | EPSS 0.61701
Exploits: 2
Patchstack
added 2025/10/07 4:50 p.m. | 8 views

WordPress Service Finder Bookings plugin <= 6.0 - Authentication Bypass via User Switch Cookie vulnerability

Authentication Bypass via User Switch Cookie vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions <= 6.0...

CVSS 9.8 | AI score 7 | EPSS 0.61701
Exploits: 2 | References: 1 | Affected Software: 1
Wordfence Blog
added 2025/10/07 4:22 p.m. | 12 views

Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🚀 Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

CVSS 9.8 | AI score 7.5 | EPSS 0.61701
Exploits: 2