WordPress Plugin Vulnerabilities

Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure

Description

The premium Service Finder Booking WordPress plugin was vulnerable to a Local File Disclosure vulnerability that could allow unauthenticated users to include arbitrary files on the server.

Proof of Concept

Affects Plugins

Plugin icon
sf-booking
Fixed in 3.2

References

Exploitdb
43475
URL
https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Original Researcher
TELAHDIHAPUS
Verified
No
WPVDB ID
3e5ca4fc-669e-4ebd-b2ab-1fb49b113fd5

Timeline

Publicly Published
2018-01-10 (about 8 years ago)
Added
2020-09-16 (about 5 years ago)
Last Updated
2020-09-17 (about 5 years ago)

Other

Published
Title
Published
2025-03-21
Title
Export and Import Users and Customers < 2.6.3 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function
Published
2025-08-01
Title
Woffice Core < 5.4.27 - Authenticated (Contributor+) Arbitrary File Deletion
Published
2026-05-04
Title
EmailKit < 1.6.6 - Authenticated (Author+) Arbitrary File Read via 'emailkit-editor-template' REST Parameter
Published
2023-01-24
Title
LearnPress Plugin < 4.2.0 - Unauthenticated LFI
Published
2025-04-03
Title
Category Icon < 1.0.2 - Author+ Arbitrary File Download