77 matches found
WordPress Service Finder Bookings plugin elevation of privilege vulnerability
WordPress Service Finder Bookings plugin is a booking management tool designed for WooCommerce to automate the process of converting common products into bookable services. An elevation of privilege vulnerability exists in the WordPress Service Finder Bookings plugin, which stems from an...
WordPress Service Finder SMS System plugin elevation of privilege vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Service Finder SMS System plugin that originates from an account takeover and can be exploited by an attacker to...
CVE-2025-5954
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesmsfnsavedataaftersignup function...
CVE-2025-5947
The Service Finder Bookings WordPress plugin (versions
CVE-2025-5947 Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the servicefinderswitchback function...
CVE-2025-5954
CVE-2025-5954 affects the WordPress plugin Service Finder SMS System (versions
CVE-2025-5954 Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesmsfnsavedataaftersignup function...
WordPress plugin Service Finder Bookings 安全漏洞
WordPress Service Finder Bookings plugin is a booking management tool designed for WooCommerce to automate the process of converting common products into bookable services. An elevation of privilege vulnerability exists in the WordPress Service Finder Bookings plugin, which stems from an...
WordPress plugin Service Finder SMS System 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Service Finder SMS System plugin that originates from an account takeover and can be exploited by an attacker to...
PT-2025-31596 · WordPress · Service Finder Sms System
Name of the Vulnerable Software and Affected Versions: Service Finder SMS System plugin for WordPress versions prior to 2.0.1 Description: The Service Finder SMS System plugin for WordPress is susceptible to privilege escalation, allowing unauthenticated attackers to register as administrator...
PT-2025-31598
Name of the Vulnerable Software and Affected Versions Service Finder Bookings plugin for WordPress versions up to and including 6.0 Description The Service Finder Bookings plugin for WordPress is susceptible to a privilege escalation issue due to an authentication bypass. This occurs because the...
CVE-2025-23970
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...
CVE-2025-23970 WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...
CVE-2025-23970 WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...
CVE-2025-23970
CVE-2025-23970 concerns the WordPress plugin for aonetheme Service Finder Booking, with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation . Affected software: Service Finder Booking up to version 6.0. Root cause and impact are stated across Connected documents: mis...
WordPress plugin Service Finder Booking 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
PT-2025-27898
Name of the Vulnerable Software and Affected Versions: aonetheme Service Finder Booking versions n/a through 6.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in the aonetheme Service Finder Booking, allowing Privilege Escalation. Recommendations: For versio...
CVE-2025-2470
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...
WordPress Service Finder Bookings plugin <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability
Unauthenticated Privilege Escalation via 'nslregistrationstoreextrainput' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Service Finder Booking versions = 5.1...
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...