- Description
- The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Weakness (source: security@wordfence.com)
- CWE-266: Incorrect Privilege Assignment
- Hype score
- Not currently trending
⚠️ Critical #WordPress vulnerability (CVE-2025-2470) found in Service Finder Bookings plugin. Unauthenticated users can gain Admin access via social login! 🚨 Details & mitigation tips: https://t.co/WEhGN0GPwf #CyberSecurity #Vulnerability #InfoSec
@threatsbank
26 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-2470 ⚠️🔴 CRITICAL (9.8) 🏢 aonetheme - Service Finder Bookings 🏗️ * 🔗 https://t.co/9NjO68rwJX 🔗 https://t.co/K4c9XIhGvy #CyberCron #VulnAlert #InfoSec https://t.co/73nJwVQBQO
@cybercronai
25 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2470 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-25 12:15:16 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/YsO2Pmw7Hg
@vulns_space
25 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2470 The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all ver… https://t.co/yfijBBxVq4
@CVEnew
25 Apr 2025
387 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes