{"id":76141,"date":"2025-09-25T15:17:39","date_gmt":"2025-09-25T15:17:39","guid":{"rendered":""},"modified":"2025-11-02T15:07:59","modified_gmt":"2025-11-02T21:07:59","slug":"cve-2025-5948-privilege-escalation-vulnerability-in-service-finder-bookings-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-5948-privilege-escalation-vulnerability-in-service-finder-bookings-plugin-for-wordpress\/","title":{"rendered":"<strong>CVE-2025-5948: Privilege Escalation Vulnerability in Service Finder Bookings Plugin for WordPress<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-5948 vulnerability is a critical security flaw discovered in the Service Finder Bookings plugin for WordPress. This vulnerability allows for privilege escalation via account takeover, affecting all versions of the plugin up to and including 6.0. The flaw matters significantly as it allows for unauthenticated attackers to potentially login as any user, including admins, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9253-stack-based-buffer-overflow-on-linksys-wi-fi-range-extenders-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"84218\">potentially leading to system<\/a> compromise or data leakage.<br \/>\nThis vulnerability specifically affects WordPress sites utilizing the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7775-critical-memory-overflow-vulnerability-in-netscaler-adc-and-gateway-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"83867\">Service Finder Bookings plugin<\/a> and has the potential to impact millions of businesses globally that depend on this platform for their online presence. Given the potential <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50972-sql-injection-vulnerability-in-abantecart-1-4-2-with-a-high-severity-score\/\"  data-wpil-monitor-id=\"83517\">severity of this vulnerability<\/a>, it&#8217;s crucial for any organization utilizing this plugin to take immediate steps to address this risk.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-5948<br \/>\nSeverity: Critical (9.8 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low (Subscriber privileges)<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22404-potential-system-compromise-due-to-use-after-free-vulnerability\/\"  data-wpil-monitor-id=\"85573\">System compromise<\/a> or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3445093158\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 720px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 22px; font-weight: 600; display: flex; align-items: center; letter-spacing: -0.02em;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 10px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 42px; height: 42px;\" \/>\r\n    <\/a>\r\n    Share secrets securely\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 14px; color: #d1d5db;\">\r\n    Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 18px; color: #a1a1aa;\">\r\n    Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 24px; color: #e4e4e7;\">\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Encrypted identity<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Private Spaces for organizations and teams<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 End-to-end encrypted chat, calls, files, and notes<\/li>\r\n    <li style=\"margin-bottom: 8px;\">\u2022 Sensitive AI work and protected collaboration<\/li>\r\n    <li>\u2022 Built for information that cannot leak<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px; color: #ffffff;\">\r\n    Our mission is to secure human work alongside AI.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Download Ameeba\r\n    <\/a>\r\n\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 8px; font-weight: 500;\">\r\n      Learn More\r\n    <\/a>\r\n  <\/div>\r\n<\/div><\/div>\n<p>Product | Affected Versions<\/p>\n<p>Service Finder Bookings <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9990-wordpress-helpdesk-integration-plugin-vulnerable-to-local-file-inclusion\/\"  data-wpil-monitor-id=\"87380\">Plugin for WordPress<\/a> | Up to and including 6.0<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit takes advantage of the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5060-authentication-bypass-vulnerability-in-bravis-user-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"85229\">plugin&#8217;s lack of proper user<\/a> identity validation before claiming a business using the claim_business AJAX action. This lack of validation makes it possible for an <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3498-unauthenticated-user-access-and-modification-of-radiflow-isap-smart-collector-configuration\/\"  data-wpil-monitor-id=\"92251\">unauthenticated attacker to log in as any user<\/a>, including admins.<br \/>\nTo complete the business takeover, the attacker would need subscriber privileges or to brute-force valid IDs. The claim_id is required to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-43930-hashview-0-8-1-account-takeover-via-password-reset-vulnerability\/\"  data-wpil-monitor-id=\"91348\">takeover the admin account<\/a>, but brute-forcing is a practical approach to obtaining valid IDs.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3349709200\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>An example of exploiting this vulnerability might look like the following pseudocode:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/wp-admin\/admin-ajax.php?action=claim_business HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\n{ &quot;claim_id&quot;: &quot;brute_force or known_valid_id&quot;, &quot;user&quot;: &quot;admin&quot; }<\/code><\/pre>\n<p>In this example, the attacker is sending a POST <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-8592-wordpress-inspiro-theme-vulnerability-to-cross-site-request-forgery-csrf\/\"  data-wpil-monitor-id=\"85403\">request to the vulnerable<\/a> endpoint, using either a brute-forced or known valid claim_id, and attempting to gain access as the &#8216;admin&#8217; user.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Given the potential <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2022-38693-severe-memory-buffer-overflow-vulnerability-in-fdl1\/\"  data-wpil-monitor-id=\"84524\">severity of this vulnerability<\/a>, it&#8217;s recommended to apply the vendor patch as soon as it becomes available. In the meantime, employing a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can serve as temporary mitigation, reducing the risk of a successful exploit.<br \/>\nRemember to always keep your <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5931-dokan-pro-plugin-for-wordpress-privilege-escalation-vulnerability\/\"  data-wpil-monitor-id=\"88869\">WordPress plugins<\/a> up-to-date and monitor your systems for any unusual or suspicious activity. Regular penetration <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-57644-critical-vulnerabilities-within-accela-automation-platform-s-test-script-feature\/\"  data-wpil-monitor-id=\"90118\">testing and vulnerability<\/a> assessments can further help identify and mitigate such vulnerabilities before they are exploited.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-5948 vulnerability is a critical security flaw discovered in the Service Finder Bookings plugin for WordPress. This vulnerability allows for privilege escalation via account takeover, affecting all versions of the plugin up to and including 6.0. The flaw matters significantly as it allows for unauthenticated attackers to potentially login as any user, including [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[76],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-76141","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-privilege-escalation"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/76141","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=76141"}],"version-history":[{"count":12,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/76141\/revisions"}],"predecessor-version":[{"id":85467,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/76141\/revisions\/85467"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=76141"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=76141"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=76141"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=76141"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=76141"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=76141"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=76141"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=76141"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=76141"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}