Lucene search
K

6 matches found

Patchstack
Patchstack
added 2025/04/25 9:2 p.m.8 views

WordPress Service Finder Bookings plugin <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input' vulnerability

Unauthenticated Privilege Escalation via 'nslregistrationstoreextrainput' vulnerability discovered by Alyudin Nafiie in WordPress Plugin Service Finder Booking versions = 5.1...

9.8CVSS8.3AI score0.00388EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/25 12:15 p.m.11 views

CVE-2025-2470

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS0.00388EPSS
Exploits0References2
Circl
Circl
added 2025/04/25 12:9 p.m.6 views

CVE-2025-2470

creationtimestamp| type| source ---|---|--- 2025-04-25 12:09:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13406 2025-04-25 13:19:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnncroikpk2a 2025-04-25 13:48:43+00:00| seen|...

9.8CVSS7.8AI score0.00388EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/25 11:12 a.m.9 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS9.5AI score0.00388EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/25 11:12 a.m.20 views

CVE-2025-2470 Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nslregistrationstoreextrainput'...

9.8CVSS0.00388EPSS
Exploits0References2
CVE
CVE
added 2025/04/25 11:12 a.m.90 views

CVE-2025-2470

CVE-2025-2470 affects the WordPress plugin Service Finder Bookings (versions up to 5.1). TheRoot cause is a missing restriction on user roles in the function nsl_registration_store_extra_input , allowing unauthenticated attackers to register accounts with arbitrary roles (including Administrator)...

9.8CVSS9.6AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder