Critical Authentication Bypass Vulnerability in Service Finder WordPress Theme Exploited

Source: The Hacker News

The Service Finder WordPress theme contains a severe authentication bypass vulnerability tracked as CVE-2025-5947, with a CVSS score of 9.8 (critical). The flaw allows attackers to gain unauthorized access to any user account, including high-privilege administrator accounts, and so to take full control of affected websites.

The active exploitation of this vulnerability poses significant risks to websites relying on this theme, potentially leading to data breaches, unauthorized content modification, and loss of site integrity. Site owners are urged to apply security patches or remove the vulnerable plugin immediately to mitigate these risks.

Failure to address this issue promptly could expose impacted sites to sustained attacks and compromise sensitive information. The ongoing exploitation highlights the need for timely vulnerability management in popular WordPress components.
