Service Finder Bookings < 6.1 – Authentication Bypass via User Switch Cookie | CVE 2025-5947 | Plugin Vulnerabilities

Description

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.

Affects Plugins

Fixed in 6.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fe4f60-d93b-4071-90ae-ac863c17fe19

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Foxyyy

Verified

No

WPVDB ID

928c76a2-3412-458a-963d-6d8ed84ba214

Timeline

Publicly Published

2025-07-31 (about 8 months ago)

Added

2025-07-31 (about 8 months ago)

Last Updated

2025-08-01 (about 8 months ago)

Other

Published

Title

Published

2024-06-28

Title

Page and Post Clone < 6.1 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure

Published

2026-03-10

Title

Happy Addons for Elementor < 3.21.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Duplication via 'post_id' Parameter

Published

2025-11-29

Title

StreamTube Core < 4.79 - Unauthenticated Arbitrary User Password Change

Published

2026-03-14

Title

NEX-Forms – Ultimate Forms Plugin for WordPress < 9.1.10 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

Published

2025-05-30

Title

Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking < 1.3.22 - Insecure Direct Object Reference to Sensitive Information Exposure