Active threat actors are exploiting a critical vulnerability in the Service Finder WordPress theme, allowing unauthorized administrator access. Over 13,800 attack attempts have been recorded since August, emphasizing the urgency of applying security updates. #CVE-2025-5947 #Wordfence
Key points
- The vulnerability affects Service Finder versions 6.0 and older, with a critical severity score of 9.8.
- Exploiting CVE-2025-5947 allows attackers to log in as any user, including administrators, without authentication.
- Security researcher "Foxyyy" discovered the flaw and reported it via Wordfence's bug bounty program.
- The vendor released a patch in version 6.1 on July 17, addressing the issue before public disclosure.
- Website administrators are advised to review logs for suspicious activity and apply the latest security updates immediately.