CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

April 25, 2025

CVE ID : CVE-2025-2470

Published : April 25, 2025, 12:15 p.m. | 2 hours, 46 minutes ago

Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder – Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the ‘nsl_registration_store_extra_input’ function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2986 – IBM Maximo Asset Management Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

7 MagSafe accessories that I recommend every iPhone user should have

I replaced my Kindle with an iPad Mini as my ebook reader – 8 reasons why I don’t regret it

Windows 11 version 25H2: Everything you need to know about Microsoft’s next OS release

Elden Ring Nightreign already has a duos Seamless Co-op mod from the creator of the beloved original, and it’ll be “expanded on in the future”

Student Record Android App using SQLite

Student Record Android App using SQLite

When Array uses less memory than Uint8Array (in V8)

Laravel 12 Starter Kits: Definite Guide Which to Choose

Photobooth is photobooth software for the Raspberry Pi and PC

Photobooth is photobooth software for the Raspberry Pi and PC

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 22/2025

Rilasciata PorteuX 2.1: Novità e Approfondimenti sulla Distribuzione GNU/Linux Portatile Basata su Slackware

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Exploit details for max severity Cisco IOS XE flaw now public

Alleged AMCOM Data Breach Exposes Sensitive Military Documents on Dark Web

CVE-2024-8201 – Hitachi Ops Center Analyzer RAID Agent Cross-Site WebSocket Hijacking

GitHub Issues search now supports nested queries and boolean operators: Here’s how we (re)built it

The Xbox Series S is currently only very slightly cheaper than the far more powerful PS5 — is Microsoft okay with this?

I ditched my smartphone for this E Ink handset for two weeks, and it rewired my brain

Path: A Machine Learning Method for Training Small-Scale (Under 100M Parameter) Neural Information Retrieval Models with as few as 10 Gold Relevance Labels

Apple Launches â€˜Private Cloud Computeâ€™ Along with Apple Intelligence AI

10 Best Free and Open Source Terminal-Based Weather Tools

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Related Posts