41 matches found
Service Finder Bookings - Authentication Bypass
Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...
Exploit for CVE-2025-5947
CVE-2025-5947 CVE-2025-5947 WordPress Service Finder Bookings...
WordPress Service Finder Bookings plugin <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password vulnerability
Authenticated Subscriber+ Privilege Escalation via changecandidatepassword vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions = 6.0...
CVE-2025-5949
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...
CVE-2025-6574
Summary (CVE-2025-6574): The WordPress plugin “Service Finder Bookings” is vulnerable to privilege escalation via account takeover in all versions before 6.1. The issue stems from improper user identity validation before updating account details (e.g., email), enabling authenticated users with su...
CVE-2025-6574 Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...
CVE-2025-6574 Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for...
EUVD-2025-37415
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...
CVE-2025-5949
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...
CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...
CVE-2025-5949
The Service Finder Bookings plugin for WordPress (
CVE-2025-5949 Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it possible for...
PT-2025-44707
Name of the Vulnerable Software and Affected Versions Service Finder Bookings plugin for WordPress versions up to and including 6.0 Description The Service Finder Bookings plugin for WordPress is susceptible to privilege escalation, potentially leading to account takeover. This occurs because the...
WordPress plugin Service Finder Bookings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Service Finder Bookings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit
An Authentication Bypass CVE-2025-5947 in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately...
Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...
VulnCheck KEV: CVE-2025-5947
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the servicefinderswitchback function...
EUVD-2025-30237
Malicious code in bioql PyPI...
EUVD-2025-12542
Malicious code in bioql PyPI...