PT-2025-31596 · WordPress · Service Finder Sms System

Friderika Baranyai · Published 2025-08-01 · Updated 2025-08-06 · CVE-2025-5954

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Service Finder SMS System plugin for WordPress versions prior to 2.0.1

Description: The Service Finder SMS System plugin for WordPress is susceptible to privilege escalation, allowing unauthenticated attackers to register as administrator users. This is due to the plugin's failure to restrict user role selection during registration through the aonesms_fn_savedata_after_signup() function.

Recommendations: Update to version 2.0.1 or later.
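
The flaw class described above, a registration handler that accepts the role supplied by the client, is shown here next to an allowlisted form. This is an added illustration, not the plugin's code: the function names, the `role` request field, and the permitted role list are all assumptions, and the sample requests are constructed.

```php
<?php
// Added illustration; NOT the plugin's code. All names are hypothetical.

// Roles a public sign-up form may assign (assumed site policy).
const SIGNUP_ROLES = ['subscriber', 'customer'];
const DEFAULT_ROLE = 'subscriber';

// Weak pattern: the role comes straight from the request body.
function role_unrestricted(array $post): string
{
    return (string) ($post['role'] ?? DEFAULT_ROLE);
}

// Hardened pattern: only allowlisted roles survive; anything else falls back.
function role_allowlisted(array $post): string
{
    $role = $post['role'] ?? DEFAULT_ROLE;
    if (!is_string($role)) {          // a repeated or bracketed field arrives as an array
        return DEFAULT_ROLE;
    }
    $role = strtolower(trim($role));
    return in_array($role, SIGNUP_ROLES, true) ? $role : DEFAULT_ROLE;
}

// Constructed sample request bodies.
$samples = [
    ['user_login' => 'alice', 'role' => 'customer'],
    ['user_login' => 'bob',   'role' => 'administrator'],
    ['user_login' => 'carol', 'role' => ['administrator']],
    ['user_login' => 'dave'],
];

foreach ($samples as $post) {
    printf("%-6s unrestricted=%-13s allowlisted=%s\n",
        $post['user_login'],
        is_array($post['role'] ?? null) ? '(array)' : role_unrestricted($post),
        role_allowlisted($post));
}
```

In a WordPress handler, the value returned by the allowlisted function is what would be passed as the `role` argument to `wp_insert_user()`.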

Fix

LPE

Improper Privilege Management


Weakness Enumeration

Related Identifiers

CVE-2025-5954

Affected Products

Service Finder Sms System