CVE-2025-2470

Severity: CRITICAL
Year: 2025
CVSS v3 Score: 9.8 (Critical)

Vulnerability Description

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.

CVSS:9.8(Critical)

A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.p...

CVSS:9.8(Critical)

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access control...

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipu...

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricte...

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation ...

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employe...