CVE-2025-5949 | aonetheme Service Finder Bookings Plugin up to 6.0 on WordPress change_candidate_password privilege escalation

A vulnerability marked as critical has been reported in aonetheme Service Finder Bookings Plugin up to 6.0 on WordPress. This issue affects the function change_candidate_password. Performing manipulation results in privilege escalation.

This vulnerability was named CVE-2025-5949. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More