What the vulnerability does
01 Description
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to log in as any user, including administrators.
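The defensive pattern for this bug class, as an added illustration that is not Service Finder Bookings' own code: a hypothetical switch-back handler that never logs a user in from a bare cookie value, but only from a server-signed, expiring token bound to the original account. It assumes the token is issued only inside an already-authorized admin action; wp_hash, hash_equals, wp_set_auth_cookie and the other WordPress/PHP calls are real, while the cookie name and the sf_ functions are invented for this example.

```php
<?php
// Hypothetical hardened "switch back" handler for a WordPress plugin.
// Added illustration; not Service Finder Bookings' own code.
// The cookie holds a server-signed, expiring token, so the client cannot
// simply rewrite a user id to choose who gets logged in.

const SF_SWITCH_COOKIE = 'sf_switch_back'; // hypothetical cookie name

// Called when an authorized admin impersonates another user: remember the admin.
function sf_issue_switch_back_token( int $original_user_id ): string {
    $expires = time() + 15 * MINUTE_IN_SECONDS;
    $payload = $original_user_id . '|' . $expires;
    // wp_hash() is an HMAC keyed with the site's AUTH_KEY/AUTH_SALT.
    $sig   = wp_hash( 'sf_switch_back|' . $payload, 'auth' );
    $token = $payload . '|' . $sig;
    setcookie( SF_SWITCH_COOKIE, $token, $expires, COOKIEPATH, COOKIE_DOMAIN, is_ssl(), true );
    return $token;
}

// Returns the user id carried by a valid, unexpired token, or 0 otherwise.
function sf_validate_switch_back_token( string $token ): int {
    $parts = explode( '|', $token );
    if ( count( $parts ) !== 3 ) {
        return 0;
    }
    list( $user_id, $expires, $sig ) = $parts;
    if ( ! ctype_digit( $user_id ) || ! ctype_digit( $expires ) || (int) $expires < time() ) {
        return 0;
    }
    $expected = wp_hash( 'sf_switch_back|' . $user_id . '|' . $expires, 'auth' );
    // Constant-time comparison; a forged or tampered token fails here.
    if ( ! hash_equals( $expected, $sig ) ) {
        return 0;
    }
    return (int) $user_id;
}

// The vulnerable pattern trusted the cookie's user id directly; this version
// only calls wp_set_auth_cookie() after the signature and expiry checks pass.
function sf_switch_back_hardened(): void {
    $token   = isset( $_COOKIE[ SF_SWITCH_COOKIE ] ) ? wp_unslash( $_COOKIE[ SF_SWITCH_COOKIE ] ) : '';
    $user_id = sf_validate_switch_back_token( $token );
    if ( 0 === $user_id || ! get_user_by( 'id', $user_id ) ) {
        wp_die( 'Invalid or expired switch-back token.', '', array( 'response' => 403 ) );
    }
    setcookie( SF_SWITCH_COOKIE, '', time() - HOUR_IN_SECONDS, COOKIEPATH, COOKIE_DOMAIN ); // single use
    wp_set_auth_cookie( $user_id, false, is_ssl() );
    wp_safe_redirect( admin_url() );
    exit;
}
```

For detection, a switch-back request whose cookie fails validation is a 403 worth logging with the source IP, since a legitimate flow only ever presents tokens the site itself issued.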
Explanation of Vulnerability in Simple Terms
02 Summary
Service Finder Bookings versions 6.0 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service availability without any user interaction. The vulnerability stems from insufficient authorization controls. All installations should update immediately to a patched version.
What an attacker can do
03 Attacker Capabilities
Read sensitive data, modify content, or disable the site without logging in.
Potential impact on your site
04 Site Impact
Attackers can access private booking data, alter reservations, or take the booking system offline.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
August 1, 2025: CVE published
April 8, 2026: Record updated