Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
Service Finder Booking add-on plugin for Service Finder
Vulnerabilities 9
Slug sf-booking
Minimum safe version
6.1
Update to 6.1 or later to address 7 fixable vulnerabilities
⚠ 2 vulnerabilities have no fix
High 8.8
2025-11-01
< 6.1
Critical 9.8 Unfixed
2025-09-19
≤ 6.0
Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business
High 8.8
2025-11-01
< 6.1
Service Finder Bookings <= 6.0 - Authenticated (Subscriber+) Privilege Escalation via change_candidate_password
Critical 9.8
2025-08-01
< 6.1
Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie
Critical 9.8 Unfixed
2025-07-04
≤ 6.1
CVE-2025-23970
Critical 9.8
2025-04-25
< 6.0
Service Finder Bookings <= 5.1 - Unauthenticated Privilege Escalation via 'nsl_registration_store_extra_input'
Critical 9.8
2025-03-19
< 5.1
CVE-2024-13442
N/A
< 3.2
Service Finder Booking < 3.2 - Unauthenticated Local File Disclosure
N/A
2020-09-16
< 3.2
WordPress Service Finder Booking plugin <= 3.0 - Unauthenticated Local File Disclosure vulnerability leading to Local File Inclusion (LFI)