CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

April 25, 2025

CVE ID : CVE-2025-2470

Published : April 25, 2025, 12:15 p.m. | 2 hours, 46 minutes ago

Description : The Service Finder Bookings plugin for WordPress, used by the Service Finder – Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the ‘nsl_registration_store_extra_input’ function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2986 – IBM Maximo Asset Management Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-11917 – Xing and Google Vulnerability: Authentication Bypass in JobSearch WP Job Board Plugin

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Xbox layoffs and game cuts wreak havoc on talented developers and the company’s future portfolio — Weekend discussion 💬

Microsoft plans to revamp Recall in Windows 11 with these new features

This 4K OLED monitor has stereo speakers that follow you — but it’s missing something “imPORTant”

Flaget – new small 5kB CLI argument parser

Flaget – new small 5kB CLI argument parser

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Xbox layoffs and game cuts wreak havoc on talented developers and the company’s future portfolio — Weekend discussion 💬

Microsoft plans to revamp Recall in Windows 11 with these new features

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CVE-2025-43949 – MuM MapEdit SQL Injection Vulnerability

BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass

CVE-2015-4582 – TheCartPress Boot Store WordPress Header PHP TCP Register Error XSS

How to Use Local Notifications in Flutter – A Tutorial for Beginners

This massive Windows 11 update ships next month — but you can grab it today

Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

CVE-2025-31264 – Apple macOS Locked Device State Management Authentication Bypass

CVE-2025-2470 – Nextend Social Login WordPress Plugin Privilege Escalation Vulnerability

Related Posts