CVE-2025-5954 – WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

August 1, 2025

CVE ID : CVE-2025-5954

Published : Aug. 1, 2025, 3:15 a.m. | 21 hours, 40 minutes ago

Description : The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5947 – WordPress Service Finder Bookings Privilege Escalation

Next Article Is Agile dead in the age of AI?

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

August 2025: AI updates from the past month

This 3-in-1 charger has a retractable superpower that’s a must for travel

How a legacy hardware company reinvented itself in the AI age

The 13+ best Walmart Labor Day deals 2025: Sales on Apple, Samsung, LG, and more

You can save up to $700 on my favorite Bluetti power stations for Labor Day

Call for Speakers – JS Conf Armenia 2025

Call for Speakers – JS Conf Armenia 2025

Streamlining Application Automation with Laravel’s Task Scheduler

A Fluent Path Builder for PHP and Laravel

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

My Family Cinema not Working? 12 Quick Fixes

Super-linter – collection of linters and code analyzers

CVE-2025-5954 – WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Building intelligent AI voice agents with Pipecat and Amazon Bedrock – Part 1

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

CVE-2025-4275 – Insyde BIOS UEFI Bootloader Execution

CVE-2025-53371 – DiscordNotifications SSRF and DOS

CVE-2025-53327 – Aioseo Multibyte Descriptions CSRF

How can we build human values into AI?

You can get a Call of Duty: Black Ops 7 themed reward in Black Ops 6 right now, but you have to be quick

CVE-2025-53368 – Citizen MediaWiki XSS Injection Vulnerability

CVE-2025-5954 – WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

Related Posts