Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation...

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

AI Analysis

Privilege escalation via account takeover due to improper user identity validation

Basic Information

ID CVE-2025-6574

Source Wordfence

Published Nov 1, 2025 at 06:40

Affected Product

Vendor aonetheme

Product Service Finder Bookings

Version *

Affected Versions aonetheme Service Finder Bookings *

CWE Classification

CWE-639

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor aonetheme

Product Service Finder Bookings

Version < 6.1

References

{
    "lastseen": "",
    "description": "The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.",
    "published": "2025-11-01T06:40:36.491Z",
    "modified": "2025-11-01T06:40:36.491Z",
    "type": "cve",
    "title": "Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/264cb002-bf40-4cc2-9c21-cda9bb24f494?source=cve\nhttps://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793",
    "id": "CVE-2025-6574",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "aonetheme Service Finder Bookings *",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Service Finder Bookings",
    "version": "*",
    "vendor": "aonetheme",
    "ai_description": "Privilege escalation via account takeover due to improper user identity validation",
    "ai_severity": "High",
    "ai_vendor": "aonetheme",
    "ai_product": "Service Finder Bookings",
    "ai_version": "< 6.1",
    "ai_score": 8.8
}

Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover_CVE-2025-6574