5 matches found
Service Finder Bookings - Authentication Bypass
Service Finder Bookings WordPress plugin = 6.0 contains a privilege escalation caused by improper validation of user cookie in servicefinderswitchback function, letting unauthenticated attackers login as any user including admins. id: CVE-2025-5947 info: name: Service Finder Bookings -...
Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit
An Authentication Bypass CVE-2025-5947 in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately...
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability, tracked as...
WordPress Service Finder Bookings plugin <= 6.0 - Authentication Bypass via User Switch Cookie vulnerability
Authentication Bypass via User Switch Cookie vulnerability discovered by Foxyyy in WordPress Plugin Service Finder Booking versions = 6.0...
CVE-2025-5947
creationtimestamp| type| source ---|---|--- 2025-08-01 04:31:28+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lvcsxn247l2t 2025-10-07 16:44:43+00:00| seen| https://gist.github.com/Darkcrai86/b6a8eee2ed2df4a5d2becbda7f7b6538 2025-10-08 04:16:06+00:00| seen|...