Close Menu
Cyber Updates

Major Security Flaw in WordPress Service Finder Theme: Hackers Can Bypass Authentication!

Staff WriterBy Updated:No Comments2 Mins Read4 Views

Top Highlights

  1. Critical Vulnerability: A severe authentication bypass flaw (CVE-2025-5947) in the Service Finder WordPress theme allows unauthenticated attackers to access any account, including administrators, with a CVSS score of 9.8.

  2. Exploitation Attempts: Since August 1, 2025, over 13,800 exploitation attempts have been recorded, highlighting the urgency for users to secure their sites.

  3. Plugin Flaw: The vulnerability arises from inadequate validation of user cookies, enabling attackers to hijack accounts via the service_finder_switch_back() function.

  4. Update Recommendation: Site administrators are urged to audit their sites for suspicious activity and update to version 6.1 or higher to mitigate risks.

Critical Vulnerability Discovered

Threat actors are leveraging a critical security flaw in the Service Finder WordPress theme. This flaw allows unauthorized access to any account, including those held by administrators. The vulnerability, identified as CVE-2025-5947, has a high severity score of 9.8. A researcher known as Foxyyy uncovered the issue, which affects the Service Finder Bookings plugin bundled with the theme. Wordfence researcher István Márton explained that an unauthenticated attacker can exploit this vulnerability to gain access to any user account on a site.

The root of the problem lies in inadequate validation of user cookie values. The plugin’s account-switching function fails to properly authenticate users before allowing access. This oversight enables attackers to sign in as any user, compromising the integrity of the site. As a result, the attackers can inject malicious code or redirect users to harmful sites, posing a significant risk to unsuspecting visitors.

Exploitation and Mitigation Efforts

The vulnerability affects all versions of the theme prior to 6.1. The maintainers addressed this security issue on July 17, 2025. The theme has been purchased by more than 6,100 users, indicating a considerable impact on the WordPress community. Since August 1, 2025, Wordfence has reported over 13,800 attempts to exploit this vulnerability, although the exact success rate remains unclear.

Security experts urge administrators to audit their sites regularly for signs of suspicious activity. They should also ensure that all plugins and themes are up to date to minimize risks. Surveillance of IP addresses linked to the exploit reveals an ongoing threat. Prompt action can help protect websites from potential compromise and safeguard user data from malicious actors.

Stay Ahead with the Latest Tech Trends

Learn how the Internet of Things (IoT) is transforming everyday life.

Explore past and present digital transformations on the Internet Archive.

DataProtection-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.