Service Finder SMS System WordPress Plugin Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Service Finder SMS System plugin for WordPress, affecting all versions through 2.0.0. The issue arises because the plugin fails to verify a user's phone number before logging them in, enabling unauthenticated attackers to log in as any user.

Impact

Exploitation of this vulnerability allows unauthenticated users to log in as arbitrary users, potentially leading to unauthorized access and actions within the affected WordPress site.

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement.

Added: Sep 19, 2025, 5:17 AM
Updated: Sep 19, 2025, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.