WordPress Service Finder SMS System Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in the Service Finder SMS System plugin for WordPress, affecting all versions through 2.0.0. The issue arises because the plugin does not limit user role selection during registration, allowing unauthenticated attackers to create accounts as administrators. This vulnerability is linked to the aonesms_fn_savedata_after_signup() function.
Impact
Exploitation of this vulnerability allows an unauthenticated attacker to create an account with administrative privileges, which in turn permits any further action an administrator can perform on the WordPress site.
Remediation
Users are advised to update the Service Finder SMS System plugin to version 3.0.0 or later, where this vulnerability has been patched.
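The unrestricted-role pattern described above, shown as an added illustrative example rather than the plugin's own code (the plugin's aonesms_fn_savedata_after_signup() is not reproduced here): a registration handler that copies the requested role from the request, beside a hardened version that restricts self-assignable roles to a server-side allowlist. The function names, the `role` POST field and the `customer` role are assumptions.

```php
<?php
// Added illustrative example, not the plugin's own code. Function names,
// the 'role' POST field and the 'customer' role are assumed.

// Vulnerable pattern: the role is copied from the request, so an
// unauthenticated visitor who submits role=administrator is created as one.
function example_signup_vulnerable() {
    return wp_insert_user( array(
        'user_login' => sanitize_user( $_POST['username'] ?? '' ),
        'user_email' => sanitize_email( $_POST['email'] ?? '' ),
        'user_pass'  => $_POST['password'] ?? wp_generate_password(),
        'role'       => sanitize_text_field( $_POST['role'] ?? '' ),
    ) );
}

// Hardened pattern: the roles a self-registering visitor may pick are a
// fixed server-side allowlist; anything else falls back to the site's
// default role. Elevated roles can only be assigned by a logged-in user
// who already holds the 'promote_users' capability.
function example_signup_hardened() {
    $self_assignable = array( 'subscriber', 'customer' );
    $requested       = sanitize_text_field( $_POST['role'] ?? '' );

    if ( in_array( $requested, $self_assignable, true ) ) {
        $role = $requested;
    } elseif ( current_user_can( 'promote_users' ) && get_role( $requested ) ) {
        $role = $requested; // e.g. an administrator creating staff accounts
    } else {
        $role = get_option( 'default_role', 'subscriber' );
    }

    return wp_insert_user( array(
        'user_login' => sanitize_user( $_POST['username'] ?? '' ),
        'user_email' => sanitize_email( $_POST['email'] ?? '' ),
        'user_pass'  => $_POST['password'] ?? wp_generate_password(),
        'role'       => $role,
    ) );
}

// Post-incident check (WP-CLI, assumed installed): list administrators and
// their registration dates to spot accounts created while the bug was live.
//   wp user list --role=administrator --fields=ID,user_login,user_registered
```

After updating to the patched version, the WP-CLI listing in the closing comment is the quickest way to audit for administrator accounts that were registered while the vulnerable version was installed.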
