Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin - Expert Perspectives

Threat actors are actively exploiting a critical authentication bypass vulnerability (CVE-2025-5947, CVSS 9.8) in the Service Finder WordPress theme and its bundled Service Finder Bookings plugin. The flaw allows unauthenticated attackers to gain access to any account, including administrators, by exploiting improper cookie validation in the account-switching function. Attackers can hijack sites to inject malicious code, redirect users, or host malware. The issue affects all versions up to 6.0 and was patched in version 6.1 on July 17, 2025. Exploitation has been observed since August 1, with over 13,800 attempts detected to date.
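To make the class of bug concrete, here is an added PHP illustration written for this post; it is not the Service Finder code, and the plugin's actual account-switching logic is not reproduced here. It contrasts an account-switch routine that trusts a user id supplied in a cookie (the pattern the advisory describes as improper cookie validation) with a hardened version in which the switch is only honoured for a server-issued, HMAC-signed, expiring token bound to an authenticated administrator's session. The user table, the secret and the cookie names are constructed for the example; in a real WordPress deployment the secret would come from the site's salts and the session from the WordPress auth cookie.

```php
<?php
// Added illustration of the flaw class, not the Service Finder plugin's code.
declare(strict_types=1);

// Constructed sample user table: id => role.
const USERS = [1 => 'administrator', 7 => 'editor', 42 => 'subscriber'];

// Hypothetical server-side secret; a real site would derive it from its salts.
const SWITCH_SECRET = 'constructed-secret-do-not-use';

/**
 * Weak pattern: the cookie alone names the target account, so any client
 * that can set a cookie can choose any user id, including the administrator's.
 */
function weak_switch_user(array $cookies): ?int {
    if (!isset($cookies['switch_to'])) {
        return null;
    }
    $target = (int) $cookies['switch_to'];
    return isset(USERS[$target]) ? $target : null;
}

/**
 * Hardened pattern, step 1: only an authenticated administrator can obtain a
 * switch token, and the token binds admin id, target id and expiry under an HMAC.
 */
function issue_switch_token(int $admin_id, int $target_id, int $now, int $ttl = 300): string {
    if ((USERS[$admin_id] ?? null) !== 'administrator') {
        throw new RuntimeException('only administrators may switch accounts');
    }
    $payload = "$admin_id:$target_id:" . ($now + $ttl);
    $mac = hash_hmac('sha256', $payload, SWITCH_SECRET);
    return $payload . ':' . $mac;
}

/**
 * Hardened pattern, step 2: the switch is honoured only when the token
 * verifies, belongs to the caller's own session, and has not expired.
 */
function hardened_switch_user(array $cookies, ?int $session_user_id, int $now): ?int {
    if ($session_user_id === null || !isset($cookies['switch_token'])) {
        return null; // no authenticated session or no token: no switch
    }
    $parts = explode(':', $cookies['switch_token']);
    if (count($parts) !== 4) {
        return null;
    }
    [$admin_id, $target_id, $expires, $mac] = $parts;
    $payload = "$admin_id:$target_id:$expires";
    $expected = hash_hmac('sha256', $payload, SWITCH_SECRET);
    // Constant-time comparison rejects forged or tampered tokens.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    // The token must have been issued to this very session and still be valid.
    if ((int) $admin_id !== $session_user_id || (int) $expires < $now) {
        return null;
    }
    if ((USERS[(int) $admin_id] ?? null) !== 'administrator' || !isset(USERS[(int) $target_id])) {
        return null;
    }
    return (int) $target_id;
}

// Demonstration with constructed requests.
$now = 1700000000;

// Unauthenticated request carrying a hand-set cookie: weak check vs hardened check.
var_dump(weak_switch_user(['switch_to' => '1']));
var_dump(hardened_switch_user(['switch_to' => '1'], null, $now));

// A forged token with a bogus MAC.
var_dump(hardened_switch_user(['switch_token' => "1:1:" . ($now + 60) . ":deadbeef"], 1, $now));

// A genuine token issued to admin 1, presented from admin 1's own session.
$token = issue_switch_token(1, 7, $now);
var_dump(hardened_switch_user(['switch_token' => $token], 1, $now));

// The same token replayed from another session, and after its expiry.
var_dump(hardened_switch_user(['switch_token' => $token], 42, $now));
var_dump(hardened_switch_user(['switch_token' => $token], 1, $now + 301));
```

Run with `php switch_demo.php`: the weak routine accepts the hand-set cookie and switches the anonymous request to user 1, while the hardened routine refuses the unauthenticated, forged, foreign-session and expired cases and allows only the administrator who was issued the token to switch to user 7. The point the advisory makes is that a cookie value is client-controlled input; it can carry a reference to server-side authorization state, but it must never be that state.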
Gunter Ollmann, CTO, Cobalt:
“The pure deja vu of another critical WordPress vulnerability cannot be ignored. Threat actors are increasingly automating the exploitation of common CMS plugins to gain persistent access to web infrastructure. Once inside, adversaries can pivot to distributing malware, stealing credentials, or using compromised sites in larger botnets. The WordPress ecosystem’s accessibility makes it a prime target, and with so many vulnerabilities like this over the years for WordPress, security teams should treat the service as untrusted and strengthen systems around it to protect critical data and connected systems.”
I’m a WordPress user, so any report of a vulnerability in this platform concerns me. If you’re running a self-hosted instance of WordPress, you might want to make sure that you’re fully up to date as soon as you can.
This entry was posted on October 9, 2025 at 2:07 pm and is filed under Commentary with tags WordPress. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.