CVE-2025-2470
📋 TL;DR
This vulnerability allows unauthenticated attackers to register WordPress accounts with arbitrary roles, including Administrator, through the social login flow. It affects all versions of the Service Finder Bookings plugin up to and including 5.1 when used with the Nextend Social Login plugin. WordPress sites running these vulnerable components are at risk of complete compromise.
💻 Affected Systems
- Service Finder Bookings plugin for WordPress
- Service Finder - Directory and Job Board WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, can install backdoors, modify content, steal data, and use the site for further attacks.
Likely Case
Attackers create administrator accounts to gain persistent access, deface websites, or install malicious plugins/themes.
If Mitigated
With proper monitoring and access controls, unauthorized admin accounts can be detected and removed before significant damage occurs.
🎯 Exploit Status
Exploitation requires no authentication and minimal technical skill. Attackers can craft registration requests with elevated role parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 5.2 or later
Vendor Advisory: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
Restart Required: No
Instructions:
1. Update the Service Finder Bookings plugin to version 5.2 or later.
2. Update the Service Finder theme if applicable.
3. Verify that the Nextend Social Login plugin is also updated to the latest version.
🔧 Temporary Workarounds
Disable Social Login Registration
Temporarily disable user registration via social login in the Nextend Social Login settings.
Disable Vulnerable Plugin
Deactivate the Service Finder Bookings plugin until it is patched.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block registration requests with role parameters
- Enable detailed user registration logging and monitor for suspicious admin account creation
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Service Finder Bookings version. If version is 5.1 or lower, you are vulnerable.
Check Version:
wp plugin list --name='Service Finder Bookings' --field=version
Verify Fix Applied:
After updating, verify that the plugin version shows 5.2 or higher and confirm that social login registration no longer honours role parameters supplied in the request.
📡 Detection & Monitoring
Log Indicators:
- Unusual user registrations with administrator role
- Multiple registration attempts from same IP
- Registration requests containing role parameters in POST data
Network Indicators:
- HTTP POST requests to registration endpoints with role parameters
- Traffic to social login callback URLs with suspicious parameters
SIEM Query:
source="wordpress.log" AND ("nsl_registration" OR "register") AND ("role" OR "administrator")
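The log and network indicators above can be turned into a small detection routine. The following is an added example, not part of this advisory and not code from either plugin: it reads a constructed JSON-lines request log (the field names, the endpoint hints and the sample records are assumptions for illustration; adapt them to whatever your web server or security plugin actually emits) and flags registration or social-login requests carrying a role-like parameter, registrations that resulted in a privileged account, and bursts of registration attempts from one source IP.

```python
"""Detection helper for the indicators listed in this advisory.

Added example, not vendor code. Parses a constructed JSON-lines request log
(field names are an assumption) and reports three kinds of findings:
  1. registration / social-login POSTs that carry a role-like parameter
  2. registrations whose resulting role is privileged (e.g. administrator)
  3. one source IP making several registration attempts in a short window
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Substrings that mark a request as a registration / social-login attempt.
# "action=register" is WordPress's own registration action; "nsl_registration"
# is the term used in this advisory's SIEM query. Treat the list as an assumption.
REGISTRATION_PATH_HINTS = ("action=register", "nsl_registration", "/wp-json/wp/v2/users")
ROLE_PARAM_NAMES = {"role", "user_role", "wp_role", "roles"}   # case-insensitive match
PRIVILEGED_ROLES = {"administrator", "editor"}
BURST_THRESHOLD = 3              # attempts from one IP ...
BURST_WINDOW = timedelta(minutes=10)   # ... within this window => finding

# Constructed sample log (not real traffic). The last line is deliberately malformed.
SAMPLE_LOG = """
{"ts": "2025-03-01T12:00:00", "ip": "10.0.0.5", "method": "POST", "path": "/wp-login.php?action=register", "params": {"user_login": "alice", "user_email": "alice@example.com"}, "result_role": "subscriber"}
{"ts": "2025-03-01T12:01:00", "ip": "203.0.113.7", "method": "POST", "path": "/?nsl_registration=facebook", "params": {"user_login": "svc1", "role": "administrator"}, "result_role": null}
{"ts": "2025-03-01T12:02:30", "ip": "203.0.113.7", "method": "POST", "path": "/?nsl_registration=facebook", "params": {"user_login": "svc2", "role": "administrator"}, "result_role": "administrator"}
{"ts": "2025-03-01T12:04:00", "ip": "203.0.113.7", "method": "POST", "path": "/?nsl_registration=google", "params": {"user_login": "svc3", "user_role": "editor"}, "result_role": null}
{"ts": "2025-03-01T12:05:00", "ip": "192.0.2.9", "method": "GET", "path": "/wp-login.php?action=register", "params": {}, "result_role": null}
{"ts": "2025-03-01T12:06:00", "ip": "10.0.0.5", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "heartbeat"}, "result_role": null}
not-json garbage line
"""


def parse_log(text):
    """Return well-formed records with 'ts' converted to datetime; skip bad lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue                      # ignore lines that are not JSON records
        entry["ts"] = datetime.fromisoformat(entry["ts"])
        entries.append(entry)
    return entries


def is_registration_request(entry):
    """Only POSTs to a registration / social-login path count as attempts."""
    path = entry.get("path", "")
    return entry.get("method") == "POST" and any(h in path for h in REGISTRATION_PATH_HINTS)


def find_role_parameter(params):
    """Return (name, value) of the first role-like parameter, or None."""
    for name, value in params.items():
        if name.lower() in ROLE_PARAM_NAMES:
            return name, str(value)
    return None


def analyze(entries):
    """Apply the three detections and return a list of finding dicts."""
    findings = []
    attempts = defaultdict(list)          # ip -> timestamps of registration attempts
    for e in entries:
        if not is_registration_request(e):
            continue
        attempts[e["ip"]].append(e["ts"])
        hit = find_role_parameter(e.get("params", {}))
        if hit:
            name, value = hit
            severity = "high" if value.lower() in PRIVILEGED_ROLES else "medium"
            findings.append({"type": "role_parameter", "ip": e["ip"], "severity": severity,
                             "detail": f"{name}={value} sent to {e['path']}"})
        if (e.get("result_role") or "").lower() in PRIVILEGED_ROLES:
            findings.append({"type": "privileged_registration", "ip": e["ip"], "severity": "high",
                             "detail": f"new {e['result_role']} account via {e['path']}"})
    for ip, times in attempts.items():
        times.sort()
        for i, start in enumerate(times):   # sliding window over this IP's attempts
            in_window = sum(1 for t in times[i:] if t - start <= BURST_WINDOW)
            if in_window >= BURST_THRESHOLD:
                findings.append({"type": "registration_burst", "ip": ip, "severity": "medium",
                                 "detail": f"{in_window} registration attempts within {BURST_WINDOW}"})
                break
    return findings


def count_by_type(findings):
    counts = defaultdict(int)
    for f in findings:
        counts[f["type"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_LOG)):
        print(f"[{f['severity']}] {f['type']:<24} {f['ip']:<14} {f['detail']}")
```

On the constructed sample this reports three role-parameter findings, one privileged registration and one burst, all from the same source. Tune REGISTRATION_PATH_HINTS and the burst threshold to your site's real endpoints and traffic before relying on it, and pair it with a periodic review of accounts in the Administrator role.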