{"id":34117,"date":"2025-05-01T23:38:43","date_gmt":"2025-05-01T23:38:43","guid":{"rendered":""},"modified":"2025-06-18T05:18:46","modified_gmt":"2025-06-18T11:18:46","slug":"cve-2025-2470-critical-privilege-escalation-vulnerability-in-service-finder-bookings-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-2470-critical-privilege-escalation-vulnerability-in-service-finder-bookings-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-2470: Critical Privilege Escalation Vulnerability in Service Finder Bookings Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

Cybersecurity is a key concern for every organization in the digital age, especially for those who use popular platforms like WordPress for their online presence. In this regard, a critical vulnerability, termed as CVE-2025-2470, has been discovered in the Service Finder Bookings plugin for WordPress. This plugin, used by the Service Finder – Directory and Job Board WordPress Theme, is exposed to a serious risk of privilege escalation<\/a> due to a lack of restriction in one of its functions. This vulnerability can potentially<\/a> impact any website that uses this plugin, leading to severe data leakage or even complete system compromise.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-2470
\nSeverity: Critical (9.8)
\nAttack Vector: Via web<\/a>
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Complete system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n