CVE-2025-2470 CRITICAL

CVE-2025-2470: Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'

Vendor: Aonetheme
Product: Service Finder Bookings
Weakness: CWE-266
Published: April 25, 2025
Last update: April 8, 2026

CVSS base score

9.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the 'nsl_registration_store_extra_input' function. This makes it possible for unauthenticated attackers to register an account on the site with an arbitrary role, including Administrator, when registering via a social login. The Nextend Social Login plugin must be installed and configured to exploit the vulnerability.
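The missing restriction described above is a limit on which roles a self-registering visitor may receive. The sketch below is an added example, not code from the plugin, the theme, or Nextend Social Login: a must-use plugin that enforces such an allow-list as a stopgap until the update is applied. It assumes the role is assigned through `WP_User::set_role()` or `add_role()` (the page does not show how the affected function assigns it), and the allow-list contents and function names are placeholders.

```php
<?php
// Added example; not Service Finder's or Nextend Social Login's code.
// Assumption: the role is assigned through WP_User::set_role()/add_role().

// Placeholder allow-list: roles a self-registering visitor may receive on this site.
const SELF_REGISTRATION_ROLES = ['subscriber'];

/** Map a requested role to one that is safe to assign at self-registration. */
function safe_registration_role($requested, array $allowed, string $default): string
{
    if (!is_string($requested)) {
        return $default; // arrays or null coming from request input
    }
    $role = strtolower(trim($requested));
    return in_array($role, $allowed, true) ? $role : $default;
}

/** Fires on every role change; undoes privileged roles set by anonymous requests. */
function enforce_registration_role($user_id, $role): void
{
    if ($role === '' || (defined('WP_CLI') && WP_CLI)) {
        return; // role removal, or an operator working from the command line
    }
    if (is_user_logged_in() && current_user_can('promote_users')) {
        return; // change made by an account that is allowed to promote users
    }
    $default = (string) get_option('default_role', 'subscriber');
    $safe = safe_registration_role($role, SELF_REGISTRATION_ROLES, $default);
    if ($safe !== $role) {
        error_log(sprintf('Blocked role "%s" for user %d, assigned "%s"', $role, $user_id, $safe));
        (new WP_User($user_id))->set_role($safe);
    }
}

if (function_exists('add_action')) {
    // Inside WordPress: both actions pass ($user_id, $role, ...).
    add_action('set_user_role', 'enforce_registration_role', 10, 2);
    add_action('add_user_role', 'enforce_registration_role', 10, 2);
} else {
    // Stand-alone run with constructed inputs.
    foreach (['administrator', ' Subscriber ', ['administrator'], null] as $input) {
        echo json_encode($input), ' => ',
            safe_registration_role($input, SELF_REGISTRATION_ROLES, 'subscriber'), PHP_EOL;
    }
}
```

Role changes made by cron jobs or other code running without a logged-in promoter are reset as well, so extend the bypass conditions if the site relies on them.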

Explanation of Vulnerability in Simple Terms

02 Summary

Service Finder Bookings versions 5.1 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, and disrupt service availability. The vulnerability requires no user interaction and can be exploited remotely over the network. All installations of affected versions should be updated immediately.

What an attacker can do

03 Attacker Capabilities

Read sensitive data, modify or delete content, and disrupt site availability without authentication.

Potential impact on your site

04 Site Impact

Your site's data, content, and availability are at immediate risk from any internet user.

Conditions required to exploit

05 Prerequisites

Network access only; no authentication or user interaction required. As the description states, the Nextend Social Login plugin must be installed and configured on the site.

Key dates

06 Disclosure timeline

April 25, 2025: CVE published
April 8, 2026: Record updated