CVE-2025-6574
Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
| CWE | CWE-639 |
| Vendor | aonetheme |
| Product | service finder bookings |
| Published | Nov 1, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for aonetheme service finder bookings
Be the first to know when new high vulnerabilities affecting aonetheme service finder bookings are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
aonetheme / Service Finder Bookings
0 < 6.1
References
Credits
ThΓ‘i An