CVE-2025-5947 Scanner
CVE-2025-5947 Scanner - Authentication Bypass vulnerability in Service Finder Bookings
Short Info
Level
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
23 days 9 hours
Scan only one
Domain, Subdomain, IPv4
Service Finder Bookings is a popular WordPress plugin used by small businesses and service providers to manage and schedule appointments online. It is often utilized by companies looking to offer clients an easy way to book services via their websites. This plugin helps streamline appointment scheduling, manage service categories, and handle customer relationships efficiently. Organizations employing Service Finder Bookings aim to increase customer satisfaction by providing an organized booking experience. The plugin is designed to be flexible, enabling customization to fit various business needs. Its widespread use makes it an essential tool for companies that depend heavily on scheduled services.
The vulnerability detected in this plugin is an Authentication Bypass. This occurs when improper validation of a user cookie allows unauthenticated attackers to log in as any user, including administrators. Exploiting this vulnerability could lead to unauthorized access to sensitive areas of a website. The critical nature of this vulnerability stems from its potential to result in a complete system compromise. It allows attackers to take over website administration rights, posing significant security risks. Immediate attention and remediation are necessary to prevent exploitation by malicious entities.
The technical details of this vulnerability involve the misuse of user cookies via the service_finder_switch_back() function in the plugin's code. Attackers can exploit this by sending a crafted request to the /wp-admin/admin-ajax.php endpoint, altering the 'original_user_id' cookie value. This enables them to bypass authentication mechanisms and gain administrative access to the WordPress site. A successful bypass is indicated by response headers that signal a login, together with an HTTP status code of 301 or 302.
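A log check for the request pattern described above, as an added example that is not part of the original page or the scanner's own logic. It assumes an access log in combined format with the Cookie header appended as a final quoted field (not a default setting); the sample lines are constructed, and a request that also carries a WordPress session cookie is only marked for review on the assumption that it may be a legitimate switch-back.

```python
import re
from urllib.parse import urlsplit

# Assumed layout: combined log format plus the Cookie header as a last quoted field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges), not taken from a real incident.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:13:55:36 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 302 0 "-" "curl/8.5.0" "original_user_id=1"
198.51.100.4 - - [10/Oct/2025:13:56:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0" "wordpress_logged_in_abc=editor%7C1"
192.0.2.9 - - [10/Oct/2025:13:57:10 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "wordpress_logged_in_abc=admin%7C1; original_user_id=2"
203.0.113.7 - - [10/Oct/2025:13:58:44 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 400 1 "-" "curl/8.5.0" "original_user_id=1"
"""

def parse_cookies(header):
    """Split a Cookie header into a name -> value dict; "-" (no cookie) yields {}."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def classify(line):
    """Return a finding dict for a suspicious request, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or urlsplit(m["target"]).path != "/wp-admin/admin-ajax.php":
        return None
    cookies = parse_cookies(m["cookie"])
    if "original_user_id" not in cookies:
        return None
    if any(name.startswith("wordpress_logged_in_") for name in cookies):
        severity = "review"   # session present: assumed possible legitimate switch-back
    elif m["status"] in ("301", "302"):
        severity = "high"     # no session and a redirect: the page's success indicator
    else:
        severity = "medium"   # no session, no redirect: probe or failed attempt
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "claimed_user_id": cookies["original_user_id"], "severity": severity}

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "high" finding warrants checking the site for sessions, users or content created after the logged time; "medium" findings from the same address show probing even where no redirect was returned.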
When exploited, this vulnerability can lead to a complete takeover of the affected WordPress site by unauthorized users. Attackers may gain access to confidential data, modify or delete site content, or even inject malicious code to compromise site visitors. They could lock out legitimate users, essentially hijacking the site for malicious purposes. Such exploitation could result in reputational damage, data breaches, and potential financial loss for the affected organization. Therefore, it's crucial to address this security flaw promptly to mitigate risks.
REFERENCES
- https://patchstack.com/database/wordpress/plugin/sf-booking/vulnerability/wordpress-service-finder-bookings-plugin-6-0-authentication-bypass-via-user-switch-cookie-vulnerability
- https://github.com/advisories/GHSA-x2xx-4qhp-2vqx
- https://github.com/M4rgs/CVE-2025-5947_Exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-5947