Red Hot Cyber

Critical vulnerability in the WordPress Service Finder theme: Update to version 6.1 now

Redazione RHC : 9 October 2025 14:33

A critical vulnerability has affected the popular WordPress theme Service Finder, allowing attackers to access any website account, including administrative ones, without authorization.

The issue affected the integrated Service Finder Bookings plugin, which handles bookings and ships with the theme. The vulnerability bypasses the authentication mechanism, allowing attackers to take control of the website and abuse its functionality.

The vulnerability has been assigned the identifier CVE-2025-5947 and has a critical CVSS score of 9.8. The bug was caused by an error in the service_finder_switch_back() function, which is responsible for switching between accounts. The plugin incorrectly validated the cookie value, allowing an attacker to log in as any user without authenticating. This led to an escalation of privilege, from unauthorized access to complete control of the website.

According to Envato Market, the Service Finder theme has gained popularity, with over 6,100 customers using it. All versions up to and including 6.0 were vulnerable. The developers fixed the issue on July 17, 2025, with the 6.1 update, which revised the features and strengthened the verification mechanism.

Since the beginning of August, over 13,000 attempts to exploit this vulnerability have been recorded. The exact share of successful attacks is not yet known, but websites running the vulnerable Service Finder Bookings component are known to have been targeted. Wordfence researchers have identified several IP addresses used in attempts to bypass the protection, including 5.189.221[.]98, 185.109.21[.]157, 192.121.16[.]196, 194.68.32[.]71, and 178.125.204[.]198.

The potential consequences for compromised websites can be severe. Attackers can inject malicious scripts, redirect visitors to phishing pages, use the platform to distribute malware, or create fake services.

Because attacks are possible even without prior registration, sites remain vulnerable until administrators install the latest version of the theme and verify any suspicious changes to the configuration and content.

Security experts strongly recommend that website owners using the Service Finder theme update to version 6.1 as soon as possible and review activity logs to identify potential unauthorized access attempts. If this vulnerability is actively exploited, any delay could have serious consequences for the infrastructure and reputation of the affected sites.
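As an added illustration of the log review recommended above (not code from the article or from Wordfence), the following script scans web server access-log lines for the attacker IP addresses the article lists and for requests that touch the account switch-back handler. The article names only the function service_finder_switch_back(), so matching the string "switch_back" in the request line is an assumption, as are the sample log lines, which are constructed.

```python
import re

# Attacker IPs reported in the article (written there defanged, e.g. 5.189.221[.]98).
INDICATOR_IPS = {
    "5.189.221.98", "185.109.21.157", "192.121.16.196",
    "194.68.32.71", "178.125.204.198",
}

# Assumption: requests reaching the switch-back handler carry "switch_back" somewhere
# in the request line; the article gives only the function name, not the endpoint.
SWITCH_BACK = re.compile(r"switch_back", re.IGNORECASE)

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \d+'
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return the reasons an entry is suspicious (empty list if none)."""
    reasons = []
    if entry["ip"] in INDICATOR_IPS:
        reasons.append("known attacker ip")
    if SWITCH_BACK.search(entry["path"]):  # path includes the query string
        reasons.append("switch-back handler request")
    return reasons

def scan(lines):
    """Parse the lines and return the suspicious entries with their reasons."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and (reasons := classify(entry)):
            hits.append({"ip": entry["ip"], "ts": entry["ts"],
                         "path": entry["path"], "reasons": reasons})
    return hits

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.9 - - [02/Aug/2025:10:01:02 +0000] "GET /services/ HTTP/1.1" 200 5120',
    '5.189.221.98 - - [02/Aug/2025:10:01:15 +0000] "GET /?switch_back=1 HTTP/1.1" 302 0',
    '198.51.100.4 - - [02/Aug/2025:10:02:40 +0000] "POST /wp-admin/admin-ajax.php?action=switch_back HTTP/1.1" 403 15',
    '185.109.21.157 - - [02/Aug/2025:10:03:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["path"], "->", "; ".join(hit["reasons"]))
```

Any hit on the switch-back handler before the 6.1 update was installed deserves a check of the site's user list and recent content changes, as the article advises.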

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
