Lucene search
+L

77 matches found

CVE
CVE
added 2025/04/25 11:12 a.m.90 views

CVE-2025-2470

CVE-2025-2470 affects the WordPress plugin Service Finder Bookings (versions up to 5.1). TheRoot cause is a missing restriction on user roles in the function nsl_registration_store_extra_input , allowing unauthenticated attackers to register accounts with arbitrary roles (including Administrator)...

9.8CVSS9.6AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/25 11:12 a.m.9 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS9.5AI score0.00412EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.4 views

WordPress plugin Service Finder Bookings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS8.6AI score0.00412EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.4 views

PT-2025-17899 · Unknown · Service Finder Bookings +1

Name of the Vulnerable Software and Affected Versions: Service Finder Bookings plugin for WordPress versions up to and including 5.1 Description: The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation due to a lack of restriction on user role in the nsl registratio...

9.8CVSS9.4AI score0.00412EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/03/19 11:10 a.m.4 views

CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...

9.8CVSS7.7AI score0.00402EPSS
Exploits0References2
CVE
CVE
added 2025/03/19 11:10 a.m.51 views

CVE-2024-13442

CVE-2024-13442 affects the WordPress plugin Service Finder Bookings up to and including version 5.0, causing unauthenticated privilege escalation via account takeover. The root cause is inadequate user identity validation before post-booking auto-login or profile updates (e.g., password changes),...

9.8CVSS9.8AI score0.00402EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/19 11:10 a.m.13 views

CVE-2024-13442 Service Finder Bookings <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.0. This is due to the plugin not properly validating a user's identity prior to 1 performing a post-booking auto-login or 2 updating their profile...

9.8CVSS0.00402EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.3 views

WordPress plugin Service Finder Bookings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.8AI score0.00402EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/18 9:51 p.m.8 views

WordPress Service Finder Bookings plugin <= 5.0 - Unauthenticated Privilege Escalation via Account Takeover vulnerability

Unauthenticated Privilege Escalation via Account Takeover vulnerability discovered by Tonn in WordPress Plugin Service Finder Booking versions = 5.0...

9.8CVSS8.9AI score0.00402EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/09/16 12:0 a.m.11 views

WordPress Service Finder Booking plugin <= 3.0 - Unauthenticated Local File Disclosure vulnerability leading to Local File Inclusion (LFI)

Unauthenticated Local File Disclosure vulnerability leading to Local File Inclusion LFI found by TELAHDIHAPUS in WordPress Service Finder Booking add-on plugin for Service Finder premium theme versions = 3.0. Solution Update the WordPress Service Finder Booking plugin to the latest available...

2.4AI score
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2018/01/11 12:0 a.m.38 views

WordPress Service Finder Booking Local File Disclosure

Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...

7.1AI score
Exploits0
wpexploit
wpexploit
added 2018/01/10 12:0 a.m.17 views

Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure

The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server. http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php...

2.3AI score
Exploits0References2
Dsquare
Dsquare
added 2018/01/10 12:0 a.m.195 views

WordPress Service Finder Booking File Disclosure

File disclosure vulnerability in Service Finder Booking plugin Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2018/01/10 12:0 a.m.27 views

WordPress Plugin Service Finder Booking 3.2 - Local File Disclosure

WordPress Plugin Service Finder Booking 3.2 - Local File Disclosure Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...

0.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2018/01/10 12:0 a.m.15 views

Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure

The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server. PoC http://victim.com/wp-content/plugins/sf-booking/lib/downloads.php?file=/index.php...

1.2AI score
Exploits0References2Affected Software1
0day.today
0day.today
added 2018/01/10 12:0 a.m.15 views

Worpress Service Finder Booking < 3.2 Plugin - Local File Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2018/01/10 12:0 a.m.20 views

WordPress Plugin Service Finder Booking &lt; 3.2 - Local File Disclosure

Exploit Title: Worpress Plugin Service Finder Booking 3.2 - Local File Disclosure Google Dork: N/A Date: 09/01/2018 GMT+7 Exploit Author: telahdihapus Vendor Homepage: https://themeforest.net/user/aonetheme Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder