What the vulnerability does
01Description
The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.
Explanation of Vulnerability in Simple Terms
02Summary
The Service Finder SMS System through version 2.0.0 contains a privilege management flaw that allows unauthenticated attackers to gain full control over the application. An attacker can read sensitive data, modify system settings, and disrupt service availability without needing credentials or user interaction. This affects all installations of the affected version.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify settings, and disrupt service availability without authentication.
Potential impact on your site
04Site Impact
Complete compromise of the Service Finder SMS System; attackers can access all data and disable the service.
Conditions required to exploit
05Prerequisites
Network access to the vulnerable application. No authentication or user interaction required.
Key dates
06Disclosure timeline
August 1, 2025
CVE published
April 8, 2026
Record updated