77 matches found
CVE-2025-2470
CVE-2025-2470 affects the WordPress plugin Service Finder Bookings (versions up to 5.1). TheRoot cause is a missing restriction on user roles in the function nsl_registration_store_extra_input , allowing unauthenticated attackers to register accounts with arbitrary roles (including Administrator)...
CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...
WordPress plugin Service Finder Bookings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-17899 · Unknown · Service Finder Bookings +1
Name of the Vulnerable Software and Affected Versions: Service Finder Bookings plugin for WordPress versions up to and including 5.1 Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation due to a lack of restriction on user role in the nsl registratio...
CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...
CVE-2024-13442
CVE-2024-13442 affects the WordPress plugin Service Finder Bookings up to and including version 5.0, causing unauthenticated privilege escalation via account takeover. The root cause is inadequate user identity validation before post-booking auto-login or profile updates (e.g., password changes),...
CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...
WordPress plugin Service Finder Bookings 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Service Finder Bookings plugin <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover vulnerability
Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Tonn in WordPress Plugin Service Finder Booking versions = 5.0...
WordPress Service Finder Booking plugin <= 3.0 - Unauthenticated Local File Disclosure vulnerability leading to Local File Inclusion (LFI)
Unauthenticated Local File Disclosure vulnerability leading to Local File Inclusion LFI found by TELAHDIHAPUS in WordPress Service Finder Booking add-on plugin for Service Finder premium theme versions = 3.0. Solution Update the WordPress Service Finder Booking plugin to the latest available...
WordPress Service Finder Booking Local File Disclosure
Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...
Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure
The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server. http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php...
WordPress Service Finder Booking File Disclosure
File disclosure vulnerability in Service Finder Booking plugin Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
WordPress Plugin Service Finder Booking 3.2 - Local File Disclosure
WordPress Plugin Service Finder Booking 3.2 - Local File Disclosure Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...
Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure
The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server. PoC http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php...
Worpress Service Finder Booking < 3.2 Plugin - Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...
WordPress Plugin Service Finder Booking < 3.2 - Local File Disclosure
Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...