PT-2025-31598 · WordPress · Service Finder Bookings

Friderika Baranyai · Published 2025-08-01 · Updated 2025-08-01 · CVE-2025-5947

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Service Finder Bookings versions prior to 6.1

Description:

The Service Finder Bookings plugin for WordPress is susceptible to privilege escalation through authentication bypass. This occurs because the plugin does not properly validate a user's cookie value before granting access via the `service_finder_switch_back()` function. This allows unauthenticated attackers to log in as any user, including administrators.
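As an added illustration (not the plugin's code and not the vendor's fix), one general way to make a "switch back" cookie verifiable on the server is to bind the original user ID and an expiry time to an HMAC, so that a bare user ID sent by a client is never accepted. The function names, `SECRET`, `TOKEN_TTL` and the token layout are assumptions made for this example.

```php
<?php
// Added example: generic signed "switch back" token, not the plugin's code.
// SECRET is a constructed placeholder; in WordPress a server-side secret such
// as the value returned by wp_salt('auth') could play this role (assumption).
const SECRET = 'constructed-demo-secret-do-not-reuse';
const TOKEN_TTL = 900; // seconds a switch-back token stays valid

// Issue a token only after the server has confirmed that the currently
// authenticated user is allowed to switch accounts.
function issue_switch_back_token(int $originalUserId, int $now): string
{
    $payload = $originalUserId . '|' . ($now + TOKEN_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

// Return the original user ID if the cookie value is authentic and unexpired,
// or null if it must be ignored.
function verify_switch_back_token(string $cookie, int $now): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null; // wrong shape, e.g. a bare user ID
    }
    [$uid, $expires, $mac] = $parts;
    if (!ctype_digit($uid) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $uid . '|' . $expires, SECRET);
    if (!hash_equals($expected, $mac)) {
        return null; // forged or tampered value (constant-time comparison)
    }
    if ((int) $expires < $now) {
        return null; // token is too old
    }
    return (int) $uid;
}

// Constructed inputs covering the accepted case and three rejected ones.
$now  = 1754006400; // constructed timestamp
$good = issue_switch_back_token(1, $now);
var_dump(verify_switch_back_token($good, $now + 60));        // server-issued token
var_dump(verify_switch_back_token('1', $now));               // bare user ID
var_dump(verify_switch_back_token('1|9999999999|00', $now)); // made-up MAC
var_dump(verify_switch_back_token($good, $now + 3600));      // past TOKEN_TTL
```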

Recommendations:

Disable the plugin and monitor for updates.

Fix

LPE

IDOR

Weakness Enumeration

Related Identifiers

CVE-2025-5947

Affected Products

Service Finder Bookings