{"id":9471,"date":"2025-07-31T22:46:26","date_gmt":"2025-07-31T22:46:26","guid":{"rendered":"http:\/\/localhost\/?p=9471"},"modified":"2025-07-31T22:46:26","modified_gmt":"2025-07-31T22:46:26","slug":"service-finder-sms-system-200-unauthenticated-privilege-escalation","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9471","title":{"rendered":"Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation"},"content":{"rendered":"<div style=\"font-family: Arial, sans-serif; max-width: 1200px; margin: 0 auto;\">\n<h2 style=\"color: #333; border-bottom: 2px solid #cc0000; padding-bottom: 10px;\">CVE Details<\/h2>\n<div style=\"display: grid; grid-template-columns: repeat(auto-fit, minmax(300px, 1fr)); gap: 20px; margin-bottom: 20px;\">\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);\">\n<h3 style=\"margin-top: 0; \">Basic Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Title<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Type<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">cve<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Published<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">2025-08-01T02:24:17.625Z<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Modified<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">2025-08-01T02:24:17.625Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1);\">\n<h3 style=\"margin-top: 0; \">Product Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Vendor<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">aonetheme<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Product<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Service Finder SMS System<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Version<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">CVSS Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Base Score<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd; color: #cc0000; font-weight: bold;\">9.8 (CRITICAL)<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Attack Vector<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">AI Analysis<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Description<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">The Service Finder SMS System WordPress plugin is vulnerable to unauthenticated privilege escalation due to improper user role restrictions during registration. Attackers can exploit this to create administrator accounts, leading to full system control.<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Severity<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Critical<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Vendor<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">aonetheme<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Product<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Service Finder SMS System<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">AI Version<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Up to 2.0.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 15px; border-radius: 5px; margin-bottom: 20px;\">\n<h4 style=\"margin-top: 0; \">Affected Products<\/h4>\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li>aonetheme Service Finder SMS System *<\/li>\n<\/ul>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">Additional Information<\/h3>\n<table style=\"width:100%; border-collapse: collapse;\">\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">CWE List<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">CWE-269<\/td>\n<\/tr>\n<tr>\n<th style=\"text-align: left; padding: 8px; border-bottom: 1px solid #ddd;\">Source<\/th>\n<td style=\"padding: 8px; border-bottom: 1px solid #ddd;\">Wordfence<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<div style=\"padding: 20px; border-radius: 8px; box-shadow: 0 2px 4px rgba(0,0,0,0.1); margin-bottom: 20px;\">\n<h3 style=\"margin-top: 0; \">Description<\/h3>\n<div style=\"padding: 15px; border-left: 4px solid #4CAF50; \">The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.<\/div>\n<\/div>\n<div style=\"padding: 15px; border-radius: 5px; margin-bottom: 20px;\">\n<h4 style=\"margin-top: 0; \">References<\/h4>\n<ul style=\"margin: 0; padding-left: 20px;\">\n<li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/520c1e8b-d0c1-4201-90bf-0cefab9af7e0?source=cve\" target=\"_blank\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/520c1e8b-d0c1-4201-90bf-0cefab9af7e0?source=cve<\/a><\/li>\n<li><a href=\"https:\/\/themeforest.net\/item\/service-finder-service-and-business-listing-wordpress-theme\/15208793\" target=\"_blank\">https:\/\/themeforest.net\/item\/service-finder-service-and-business-listing-wordpress-theme\/15208793<\/a><\/li>\n<\/ul>\n<\/div>\n<div style=\"text-align: center; margin-top: 30px;\">\n<a href=\"\" target=\"_blank\" style=\"display: inline-block; background-color: #4CAF50; color: white; padding: 12px 24px; text-decoration: none; border-radius: 4px; font-weight: bold; transition: background-color 0.3s;\">View Full CVE Details<\/a>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>CVE Details Basic Information Title Service Finder SMS System<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,35,12,13,7,11,5],"class_list":["post-9471","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Service Finder SMS System<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=9471\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Service Finder SMS System\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title Service Finder SMS System\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=9471\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-31T22:46:26+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Service Finder SMS System\",\"datePublished\":\"2025-07-31T22:46:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471\"},\"wordCount\":4,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=9471#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471\",\"name\":\"Service Finder SMS System\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-31T22:46:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=9471\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=9471#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Service Finder SMS System\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Service Finder SMS System","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=9471","og_locale":"en_US","og_type":"article","og_title":"Service Finder SMS System","og_description":"CVE Details Basic Information Title Service Finder SMS System","og_url":"https:\/\/zero.redgem.net\/?p=9471","og_site_name":"zero redgem","article_published_time":"2025-07-31T22:46:26+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=9471#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=9471"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Service Finder SMS System","datePublished":"2025-07-31T22:46:26+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=9471"},"wordCount":4,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=9471#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=9471","url":"https:\/\/zero.redgem.net\/?p=9471","name":"Service Finder SMS System","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-31T22:46:26+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=9471#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=9471"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=9471#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Service Finder SMS System"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9471","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9471"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/9471\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}