CVE-2025-5947 – WordPress Service Finder Bookings Privilege Escalation

August 1, 2025

CVE ID : CVE-2025-5947

Published : Aug. 1, 2025, 4:16 a.m. | 20 hours, 39 minutes ago

Description : The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user’s cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7443 – BerqWP Arbitrary File Upload Vulnerability

Next Article CVE-2025-5954 – WordPress Service Finder SMS System Plugin Unauthenticated Administrator Account Takeover Vulnerability

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-5947 – WordPress Service Finder Bookings Privilege Escalation

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Researchers from Sea AI Lab, UCAS, NUS, and SJTU Introduce FlowReasoner: a Query-Level Meta-Agent for Personalized System Generation

CVE-2025-4937 – SourceCodester Apartment Visitor Management System SQL Injection Vulnerability

Celebrating Global Accessibility Awareness Day (GAAD)

CVE-2025-4538 – KKFileView Unrestricted File Upload Vulnerability

Grounded 2 needed to happen, and I’m so glad it did — because now I can ride a giant ant into battle

Microsoft quietly implies Windows has LOST millions of users since Windows 11 debut — are people really abandoning ship?

Full Guide to Understand Prompt Engineering

Prime members can save $10 on any $20 or more Grubhub+ order for a limited time – here’s how

CVE-2025-5947 – WordPress Service Finder Bookings Privilege Escalation

Related Posts