Lucene search
+L

77 matches found

CNVD
CNVD
added 2025/08/10 12:0 a.m.9 views

WordPress Service Finder Bookings plugin elevation of privilege vulnerability

WordPress Service Finder Bookings plugin is a booking management tool designed for WooCommerce to automate the process of converting common products into bookable services. An elevation of privilege vulnerability exists in the WordPress Service Finder Bookings plugin, which stems from an...

9.8CVSS7.3AI score0.04469EPSS
Exploits2References1
CNVD
CNVD
added 2025/08/10 12:0 a.m.1 views

WordPress Service Finder SMS System plugin elevation of privilege vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Service Finder SMS System plugin that originates from an account takeover and can be exploited by an attacker to...

9.8CVSS7.1AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/03 2:13 p.m.4 views

CVE-2025-5954

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesmsfnsavedataaftersignup function...

9.8CVSS6.6AI score0.0041EPSS
Exploits0References1
CVE
CVE
added 2025/08/01 3:24 a.m.77 views

CVE-2025-5947

The Service Finder Bookings WordPress plugin (versions

9.8CVSS7.1AI score0.04469EPSS
In wildExploits2References4
Cvelist
Cvelist
added 2025/08/01 3:24 a.m.16 views

CVE-2025-5947 Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the servicefinderswitchback function...

9.8CVSS0.04469EPSS
Exploits2References2
CVE
CVE
added 2025/08/01 2:24 a.m.30 views

CVE-2025-5954

CVE-2025-5954 affects the WordPress plugin Service Finder SMS System (versions

9.8CVSS6.8AI score0.0041EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/01 2:24 a.m.2 views

CVE-2025-5954 Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesmsfnsavedataaftersignup function...

9.8CVSS6.6AI score0.0041EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.8 views

WordPress plugin Service Finder Bookings 安全漏洞

WordPress Service Finder Bookings plugin is a booking management tool designed for WooCommerce to automate the process of converting common products into bookable services. An elevation of privilege vulnerability exists in the WordPress Service Finder Bookings plugin, which stems from an...

9.8CVSS7.2AI score0.04469EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.4 views

WordPress plugin Service Finder SMS System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Service Finder SMS System plugin that originates from an account takeover and can be exploited by an attacker to...

9.8CVSS7AI score0.0041EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/01 12:0 a.m.8 views

PT-2025-31596 · WordPress · Service Finder Sms System

Name of the Vulnerable Software and Affected Versions: Service Finder SMS System plugin for WordPress versions prior to 2.0.1 Description: The Service Finder SMS System plugin for WordPress is susceptible to privilege escalation, allowing unauthenticated attackers to register as administrator...

9.8CVSS6.7AI score0.0041EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.9 views

PT-2025-31598

Name of the Vulnerable Software and Affected Versions Service Finder Bookings plugin for WordPress versions up to and including 6.0 Description The Service Finder Bookings plugin for WordPress is susceptible to a privilege escalation issue due to an authentication bypass. This occurs because the...

9.8CVSS5.9AI score0.04469EPSS
Exploits2References50
NVD
NVD
added 2025/07/04 12:15 p.m.8 views

CVE-2025-23970

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...

9.8CVSS0.00684EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/04 11:18 a.m.16 views

CVE-2025-23970 WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...

9.8CVSS0.00684EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 11:18 a.m.4 views

CVE-2025-23970 WordPress Service Finder Booking plugin <= 6.1 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...

9.8CVSS5.9AI score0.00684EPSS
Exploits0References1
CVE
CVE
added 2025/07/04 11:18 a.m.26 views

CVE-2025-23970

CVE-2025-23970 concerns the WordPress plugin for aonetheme Service Finder Booking, with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation . Affected software: Service Finder Booking up to version 6.0. Root cause and impact are stated across Connected documents: mis...

9.8CVSS5.9AI score0.00684EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.6 views

WordPress plugin Service Finder Booking 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

9.8CVSS6.5AI score0.00684EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.7 views

PT-2025-27898

Name of the Vulnerable Software and Affected Versions: aonetheme Service Finder Booking versions n/a through 6.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in the aonetheme Service Finder Booking, allowing Privilege Escalation. Recommendations: For versio...

9.8CVSS6.3AI score0.00684EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/04/27 12:5 p.m.19 views

CVE-2025-2470

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS7.4AI score0.00412EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/25 9:2 p.m.8 views

WordPress Service Finder Bookings plugin <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability

Unauthenticated Privilege Escalation via 'nslregistrationstoreextrainput' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Service Finder Booking versions = 5.1...

9.8CVSS8.3AI score0.00412EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/25 11:12 a.m.20 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS0.00412EPSS
Exploits0References2
Rows per page
Query Builder