Get Started

WordPress: Privilege Escalation Vulnerability in Service Finder Bookings Plugin

by the Hossted team
19.03.2025

In Service Finder Bookings plugin for WordPress versions 5.0 and prior a critical severity vulnerability CVE-2024-13442 was detected. This vulnerability allows unauthenticated attackers to take over accounts due to improper identity validation, enabling them to log in as any user with a known email or change passwords, including for administrators, to gain unauthorized access. To address this issue, users should upgrade Service Finder Bookings plugin to versions 5.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13442.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR