CVE-2024-13442
📋 TL;DR
This vulnerability allows unauthenticated attackers to take over any user account, including administrators, in WordPress sites using the Service Finder Bookings plugin. Attackers can either auto-login as a user if they know the email address or change the user's password without authentication. All sites with the plugin installed up to version 5.0 are affected.
💻 Affected Systems
- Service Finder Bookings plugin for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full site compromise: attackers gain administrative access, leading to data theft, defacement, malware injection, or complete control over the WordPress installation.
Likely Case
Account takeover of regular users or administrators, resulting in unauthorized access, privilege escalation, and potential further attacks on the site or its users.
If Mitigated
Limited impact if the plugin is disabled or removed, but sites remain vulnerable until patched, with risk reduced by strong access controls and monitoring.
🎯 Exploit Status
Exploitation is straightforward, requiring only knowledge of a user's email address or the ability to trigger specific plugin functions, making it highly accessible to attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 5.0 (check vendor for exact version)
Vendor Advisory: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Service Finder Bookings' and update to the latest version.
4. If no update is available, disable or remove the plugin immediately.
🔧 Temporary Workarounds
Disable the plugin
Temporarily deactivate the Service Finder Bookings plugin to prevent exploitation until a patch can be applied.
wp plugin deactivate service-finder-bookings
🧯 If You Can't Patch
- Disable or uninstall the Service Finder Bookings plugin to eliminate the vulnerability entirely.
- Implement web application firewall (WAF) rules to block requests targeting the vulnerable plugin endpoints, such as those related to auto-login or profile updates.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin under Plugins > Installed Plugins; if the version is 5.0 or earlier, it is vulnerable.
Check Version:
wp plugin get service-finder-bookings --field=version
Verify Fix Applied:
After updating, confirm the plugin version is above 5.0 and test that auto-login and profile update functions require proper authentication.
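As an added example that is not part of this advisory page or the plugin vendor's code: a POSIX shell script that classifies a Service Finder Bookings version string against the "up to version 5.0 is affected" cutoff stated above. It assumes wp-cli is on PATH, is run from the WordPress root, and that service-finder-bookings is the plugin slug (the slug the commands on this page use). It goes beyond the page in one respect: versions are compared component by component as numbers, so 5.0.0 is treated as equal to 5.0 and 10.0 sorts after 5.0, both of which a plain string comparison gets wrong.

```shell
#!/bin/sh
# Added example, not from the advisory or the plugin vendor.
# Classifies a Service Finder Bookings version against the advisory's
# "up to version 5.0 is affected" statement.

LAST_VULNERABLE="5.0"   # last affected version per the advisory text

# vfield VERSION N: print the N-th dotted component of VERSION as a number.
# Missing components become 0 (so 5.0 == 5.0.0); non-numeric suffixes
# such as "10-beta" are dropped.
vfield() {
    printf '%s.\n' "$1" | cut -d. -f"$2" | sed 's/[^0-9].*$//; s/^$/0/'
}

# version_le A B: succeed (exit 0) when A <= B, comparing up to four
# components numerically so that 10.0 sorts after 5.0.
version_le() {
    i=1
    while [ "$i" -le 4 ]; do
        x=$(vfield "$1" "$i")
        y=$(vfield "$2" "$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0   # all components equal
}

# classify_version VERSION: print "vulnerable" or "not-vulnerable".
classify_version() {
    if version_le "$1" "$LAST_VULNERABLE"; then
        echo "vulnerable"
    else
        echo "not-vulnerable"
    fi
}

# check_installed: query the live site through wp-cli (assumed on PATH and
# run from the WordPress root) and classify the installed version.
check_installed() {
    v=$(wp plugin get service-finder-bookings --field=version 2>/dev/null) || {
        echo "plugin not found or wp-cli unavailable"
        return 2
    }
    echo "installed $v: $(classify_version "$v")"
}

# Usage: ./check-sfb.sh --live      (query the site through wp-cli)
#        ./check-sfb.sh 5.0.1       (classify a version string)
case "${1:-}" in
    --live) check_installed ;;
    "")     : ;;                  # no arguments: only define the functions
    *)      classify_version "$1" ;;
esac
```

Because the page gives the fixed release only as "a version after 5.0", anything above 5.0 is reported as not vulnerable; confirm the exact patched version with the vendor before relying on that result.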
📡 Detection & Monitoring
Log Indicators:
- Unusual login events or password-change requests for user accounts, especially from clients with no preceding authenticated session, in WordPress or web server logs.
Network Indicators:
- HTTP POST requests to plugin-specific endpoints like /wp-admin/admin-ajax.php with actions related to booking or profile updates without authentication.
SIEM Query:
source="wordpress_logs" AND (event="authentication_failure" OR event="password_change") AND plugin="service-finder-bookings"