Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites.
The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. It was discovered by a researcher who goes by the name Foxyyy.
"This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site, including accounts with the 'administrator' role," Wordfence researcher István Márton said.
The problem, at its core, is a case of privilege escalation stemming from authentication bypass due to the