CVE Details
Basic Information
| Title | Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie |
|---|---|
| Type | cve |
| Published | 2025-08-01T03:24:46.283Z |
| Modified | 2025-08-01T03:24:46.283Z |
Product Information
| Vendor | aonetheme |
|---|---|
| Product | Service Finder Bookings |
| Version | * |
CVSS Information
| Base Score | 9.8 (CRITICAL) |
|---|---|
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Analysis
| AI Description | The Service Finder Bookings WordPress plugin has a critical vulnerability allowing unauthenticated attackers to bypass authentication and log in as any user, including admins, by exploiting improper cookie validation. |
|---|---|
| AI Severity | Critical |
| AI Vendor | aonetheme |
| AI Product | Service Finder Bookings |
| AI Version | 6.0 |
Affected Products
- aonetheme Service Finder Bookings *
Additional Information
| CWE List | CWE-639 (Authorization Bypass Through User-Controlled Key) |
|---|---|
| Source | Wordfence |
Description
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. The plugin's service_finder_switch_back() function logs a user in based on a cookie value without properly validating that value, so an unauthenticated attacker who supplies a crafted cookie can log in as any user, including administrators.
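To make the failure mode concrete, the following is an added, constructed model of the CWE-639 pattern this advisory describes. It is not code from the Service Finder Bookings plugin (which is written in PHP); the cookie names "original_user_id" and "switch_token", the user table and the token format are assumptions made for the illustration. The vulnerable function honours whatever user id the client places in a cookie; the hardened one only honours a token the server itself issued at switch time, HMAC-signed, expiring and single-use, so a client that never performed a legitimate switch cannot forge a value that switches it into another account.

```python
# Constructed illustration of CWE-639 in a "switch back to original user"
# feature. NOT code from the Service Finder Bookings plugin; cookie names,
# user table and token format are assumptions.
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

USERS = {1: "admin", 7: "alice", 12: "bob"}   # constructed user table
SERVER_SECRET = secrets.token_bytes(32)        # per-deployment secret


def switch_back_vulnerable(cookies: dict) -> int | None:
    """Vulnerable pattern: the id of the user to 'switch back' to is read
    straight from a client-controlled cookie and used as the identity to log
    in. Nothing proves the server ever issued this value, so an
    unauthenticated client can set it to 1 and become the administrator."""
    raw = cookies.get("original_user_id", "")
    if not raw.isdigit():
        return None
    uid = int(raw)
    # The caller would now set authentication cookies for uid.
    return uid if uid in USERS else None


# Hardened pattern: at switch time the server issues an opaque, signed,
# expiring, one-time token; switching back trusts only that token.
_ISSUED: set[str] = set()   # nonces issued and not yet consumed


def _sign(payload: str) -> str:
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_switch_token(admin_id: int, now: float | None = None, ttl: int = 900) -> str:
    """Called server-side when an account switch is performed, after the
    caller has been verified to be admin_id and allowed to switch.
    Returns the value to store in the switch cookie."""
    expires = int((now if now is not None else time.time()) + ttl)
    nonce = secrets.token_hex(16)
    payload = f"{admin_id}:{expires}:{nonce}"
    _ISSUED.add(nonce)
    return f"{payload}.{_sign(payload)}"


def switch_back_hardened(cookies: dict, now: float | None = None) -> int | None:
    """Returns the user id to restore only if the cookie carries a token the
    server issued, unmodified, unexpired and not already used."""
    raw = cookies.get("switch_token", "")
    payload, sep, sig = raw.rpartition(".")
    if not sep:
        return None                                   # no signature at all
    # Compare as bytes: compare_digest raises on non-ASCII str input.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None                                   # forged or tampered
    try:
        admin_str, expires_str, nonce = payload.split(":")
        admin_id, expires = int(admin_str), int(expires_str)
    except ValueError:
        return None
    if (now if now is not None else time.time()) > expires:
        return None                                   # expired
    if nonce not in _ISSUED:
        return None                                   # replayed or never issued
    _ISSUED.discard(nonce)                            # one-time use
    return admin_id if admin_id in USERS else None
```

In a plugin this check belongs in the switch-back handler before any call that sets authentication cookies, and the token must be issued only after the server has confirmed the requester is the privileged user performing the switch; the identity to restore is then something the server decided, not something the client asserts.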