CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

April 25, 2025

CVE ID : CVE-2025-2470

Published : April 25, 2025, 12:15 p.m. | 2 hours, 46 minutes ago

Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder – Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the ‘nsl_registration_store_extra_input’ function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2986 – IBM Maximo Asset Management Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

Highlights

CVE-2025-5497 – Slackero PHPWCMS Feedimport Module Deserialization Vulnerability

June 3, 2025

CVE ID : CVE-2025-5497

Published : June 3, 2025, 1:15 p.m. | 2 hours, 14 minutes ago

Description : A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

DistroWatch Weekly, Issue 1139

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

NVIDIA AI Introduces Fast-dLLM: A Training-Free Framework That Brings KV Caching and Parallel Decoding to Diffusion LLMs

LightOn AI Released GTE-ModernColBERT-v1: A Scalable Token-Level Semantic Search Model for Long-Document Retrieval and Benchmark-Leading Performance

Apple names the best designed apps of 2025 – did your favorite make the list?

CVE-2024-48905 – Sematell ReplyOne Authentication Bypass

CVE-2025-5497 – Slackero PHPWCMS Feedimport Module Deserialization Vulnerability

CVE-2025-57804 – Apache H2 HTTP/2 Request Smuggling Vulnerability

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

CISA Issued ICS Advisories Covering Current Vulnerabilities and Exploits

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Related Posts