AI description
CVE-2025-5947 is a critical authentication bypass vulnerability affecting the Service Finder WordPress theme, specifically the Service Finder Bookings plugin. This vulnerability stems from the plugin's improper validation of the `original_user_id` cookie within the `service_finder_switch_back()` function. Versions 6.0 and older are affected. Successful exploitation of CVE-2025-5947 allows unauthenticated attackers to log in as any user, including administrators. This can lead to attackers modifying website content, injecting malicious code, stealing sensitive data, and compromising the server. The vulnerability was patched in version 6.1, released on July 17, 2025.
- Description
- The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Source
- security@wordfence.com
- CWE
- CWE-639
- Hype score
- Not currently trending
CVE-2025-5947: Critical exploit lets hackers bypass authentication in the WordPress Service Finder theme https://t.co/Tja4MzbR4F https://t.co/YNjRNe8cco
@freedomhack101
11 Nov 2025
57 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
October plugin vulnerabilities, moo 🐮 ・Authentication bypass in the "Service Finder Bookings" theme (CVE-2025-5947) ・Unauthorized XSS in the "Find And Replace Content" plugin (CVE-2025-10313) ・Unauthenticated SQL injection in the "Outdoor" plugin
@accell_mo_kun
29 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaw discovered: WordPress plugin allows full access without login. A critical authentication flaw (CVE-2025-5947) in the Service Finder plugin https://t.co/29kcjWtrYu
@luciomachadobor
14 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme. The authentication bypass vulnerability, tracked as CVE-2025-5947 (CVSS score: 9.8), affects the Service Finder Bookings. https://t.co/fLr1AL7WDv https://t.co/JUdcQVg35g
@riskigy
11 Oct 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-5947 (CVSS: 9.8): Critical Authentication Bypass in Service Finder Bookings WordPress plugin! Unauthenticated attackers can hijack any user account, including admins, to seize control of sites, inject malicious code, redirect users to phishing pages, or host malw
@zoomeye_team
11 Oct 2025
729 Impressions
3 Retweets
8 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts https://t.co/kkst6UhL6w https://t.co/6GMvrG15kA
@methodandmetric
9 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Silent Keyhole: How CVE-2025-5947 Lets Attackers Walk into WordPress Admin Doors. A critical vulnerability identified as CVE-2025-5947 is under active exploitation against WordPress sites running the Service Finder Bookings plugin (bundled with the Service Finder theme. http
@elnjasi
9 Oct 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Hackers are hijacking WordPress sites right now. A critical flaw (CVE-2025-5947) in the Service Finder theme lets anyone log in as an admin — no password needed. 13,800+ exploit attempts. Still rising. Most sites haven’t patched. Details here → https://t.co/TJyLx4CN
@TheHackersNews
9 Oct 2025
28055 Impressions
86 Retweets
246 Likes
100 Bookmarks
4 Replies
7 Quotes
🚨 WordPress sites hit by CVE-2025-5947 exploit! Hackers bypass auth, take over admin accounts. 😱 WEBOUNCER stops this & all cyber attacks with next-gen defense. Visit https://t.co/YvUrFmPKNq https://t.co/gIeQ3j4FyP via @TheHackersNews
@BrainLabVisions
9 Oct 2025
59 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Active exploit alert: Hackers are abusing a critical flaw (CVE-2025-5947) in the WordPress Service Finder theme to bypass authentication and log in as admins. ➡️ Over 13K attack attempts detected. ➡️ Fix released in v6.1 - update now! Would your site survive this k
@TechNadu
9 Oct 2025
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Hackers are hijacking WordPress sites right now. A critical flaw (CVE-2025-5947) in the Service Finder theme lets anyone log in as an admin — no password needed. 13,800+ exploit attempts. Still rising. Most sites haven’t patched. Details here → ... https://t.co/2oE7
@IT_news_for_all
9 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Details of the authentication bypass vulnerability CVE-2025-5947 in the Service Finder WordPress theme https://t.co/obBUXT0yex #Security #セキュリティー #ニュース
@SecureShield_
9 Oct 2025
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-5947
@transilienceai
8 Oct 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Actively Exploited: Critical Flaw CVE-2025-5947 Allows Unauthenticated Admin
@PurpleOps_io
8 Oct 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5947 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all ..https://t.co/m6YcPjuX0o #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
6 Aug 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5947 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due … https://t.co/9ANuGxGt4J
@CVEnew
1 Aug 2025
418 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: CVE-2025-5947 impacts all versions of Service Finder Bookings for WordPress. Unauthenticated attackers can escalate privileges to admin! Disable plugin & monitor for updates. https://t.co/aGQBS61CHG... https://t.co/lPX95Id6GI
@offseq
1 Aug 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes