WordPress Service Finder Vulnerability CVE-2025-5947

A critical security vulnerability, CVE-2025-5947, has been discovered in the Service Finder Bookings plugin, which is bundled with the popular WordPress theme Service Finder. This flaw allows unauthenticated attackers to log in as any user, including administrators, without valid credentials.

The vulnerability has a CVSS score of 9.8 and has been actively exploited in the wild. Websites using this plugin must take immediate action to secure their environment and prevent unauthorized access.

Understanding the CVE-2025-5947

The WordPress Service Finder vulnerability CVE-2025-5947 affects all versions of the Service Finder Bookings plugin up to version 6.0. The flaw stems from improper validation of user cookies in the plugin’s account-switching function. Attackers can manipulate cookie values to impersonate any user, gaining full administrative access without authentication.

According to the Wordfence Vulnerability Database, over 13,800 exploit attempts have been detected since early August 2025, targeting WordPress sites that have not applied the patch.

The plugin developer released a fixed version (6.1) on July 17, 2025, which fully resolves the vulnerability. All previous versions remain vulnerable.

How the Exploit Works

The plugin includes an account-switching feature that uses cookies to temporarily switch between user accounts. Due to missing validation, attackers can craft a malicious cookie that mimics a legitimate session. This allows them to access the admin dashboard without providing valid credentials.

Common attacker actions include:

  1. Uploading malicious PHP files or webshells

  2. Installing rogue plugins or themes

  3. Redirecting users to phishing or malware-hosting sites

  4. Creating new administrator accounts for persistent access

  5. Exfiltrating sensitive data or customer information

This exploit is particularly dangerous because it bypasses authentication entirely, leaving little trace in standard login logs.

Affected Versions

  • Vulnerable: Service Finder Bookings versions 6.0 and below

  • Fixed: Version 6.1 and later

Websites running older versions should update immediately or disable the plugin until the patch is applied.

Recommended Actions for Website Owners

Website owners running the Service Finder theme should take the following steps to mitigate CVE-2025-5947:

  1. Update to version 6.1 or higher immediately

  2. Review all administrator accounts and remove any unknown users

  3. Change all admin passwords and invalidate active sessions

  4. Scan for suspicious PHP files, especially in /wp-content/uploads/

  5. Use a malware scanner like Sucuri or MalCare to detect backdoors

  6. Enable a Web Application Firewall (WAF) to prevent further exploitation

  7. Monitor access logs for unusual login activity, particularly from unknown IPs

If any compromise is detected, restore the site from a clean backup and reset all credentials.

Signs Your Site Might Be Compromised

Potential indicators include:

  • Unknown administrator accounts appearing in the user list

  • Unauthorized redirects or changes to site content

  • New PHP files added to theme or upload directories

  • Sudden performance issues or unusual network activity

Early detection can prevent larger-scale damage or data breaches.
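Two of the checks above (step 4, scanning /wp-content/uploads/ for PHP files, and step 7, reviewing access logs for admin activity that never went through a login) and the "new PHP files" indicator in this list can be scripted. The following is an added example, not code from QUAPE or from the plugin vendor. It assumes an Apache/nginx combined-format access log and the standard /wp-admin/ and /wp-login.php paths; the log lines and the uploads tree it builds are constructed sample data, not real traffic.

```python
"""Two post-incident checks for a WordPress install that ran the vulnerable
plugin: list PHP-executable files under wp-content/uploads (which should only
hold media), and flag client IPs that reached the admin area without ever
authenticating through wp-login.php in the same access-log window."""
import os
import re
import tempfile
from collections import defaultdict

# Extensions that common Apache/PHP-FPM setups will execute as PHP.
PHP_EXTENSIONS = {"php", "php5", "php7", "phtml", "phar"}

# Combined log format: client IP, identity, user, [timestamp], "request", status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def find_php_in_uploads(uploads_dir):
    """Return sorted paths (relative to uploads_dir, '/'-separated) of files whose
    name carries a PHP extension anywhere after the first dot, so that a
    double-extension name such as image.php.jpg is reported as well."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            suffixes = name.lower().split(".")[1:]
            if any(s in PHP_EXTENSIONS for s in suffixes):
                rel = os.path.relpath(os.path.join(root, name), uploads_dir)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def admin_access_without_login(log_lines):
    """Map client IP -> admin paths served with HTTP 200 to that IP before any
    POST to /wp-login.php from the same IP. A legitimate admin logs in first;
    a session obtained through the forged account-switch cookie never does, so
    the login log stays quiet while the access log still records the dashboard
    hits. admin-ajax.php is skipped because unauthenticated visitors may call
    it, and non-200 responses are skipped because a 302 to the login page is
    the normal answer for anyone who is not logged in."""
    authenticated = set()
    suspicious = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or malformed line
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0]
        if method == "POST" and path == "/wp-login.php":
            authenticated.add(ip)
        elif (path.startswith("/wp-admin/")
              and not path.startswith("/wp-admin/admin-ajax.php")
              and status == "200"
              and ip not in authenticated):
            suspicious[ip].append(path)
    return dict(suspicious)


# Constructed sample log (not real traffic): one admin who logged in normally,
# and one client that went straight to the dashboard and the plugin installer.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2025:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Aug/2025:10:01:03 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123
198.51.100.9 - - [12/Aug/2025:10:05:40 +0000] "GET /wp-admin/ HTTP/1.1" 302 0
198.51.100.9 - - [12/Aug/2025:10:05:44 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123
198.51.100.9 - - [12/Aug/2025:10:05:50 +0000] "POST /wp-admin/plugin-install.php HTTP/1.1" 200 311
"""


def build_sample_uploads():
    """Create a throwaway uploads tree (constructed for the demo) with one benign
    image and two files a scanner should report; returns the directory path."""
    base = tempfile.mkdtemp(prefix="uploads-")
    month = os.path.join(base, "2025", "08")
    os.makedirs(month)
    for name in ("photo.jpg", "wp-cache.php", "image.php.jpg"):
        with open(os.path.join(month, name), "w") as fh:
            fh.write("sample\n")
    return base


if __name__ == "__main__":
    uploads = build_sample_uploads()
    print("PHP files under uploads:", find_php_in_uploads(uploads))
    print("Admin access without login:",
          admin_access_without_login(SAMPLE_LOG.splitlines()))
```

On a real site, point `find_php_in_uploads` at the actual /wp-content/uploads/ directory and feed `admin_access_without_login` the web server's access log for the period since early August 2025. Any IP the second function reports should be cross-checked against the user list and the plugin/theme directories, since the sample pattern (dashboard, then the plugin installer, with no login) matches the attacker actions described above.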

Why This Vulnerability Matters

The Service Finder theme is widely used by small businesses, booking agencies, and service providers globally. Its popularity makes it a prime target for attackers seeking to compromise WordPress sites at scale. A successful exploit can result in stolen data, service disruption, and brand reputation damage.

Maintaining WordPress security requires regular updates, proactive vulnerability monitoring, and automated patch management, especially for businesses relying on their online presence.

Managed WordPress Hosting by QUAPE

At QUAPE, we provide Managed WordPress Hosting that secures and optimizes your site. Our team monitors vulnerabilities like CVE-2025-5947, applies patches proactively, and ensures your site stays protected and up to date.

Our managed WordPress services include:

  • Automatic updates for WordPress core, themes, and plugins

  • Real-time malware protection and monitoring

  • Daily backups and fast restoration support

  • Web application firewall and intrusion prevention

  • Performance optimization and uptime monitoring

  • Dedicated expert support

Partnering with QUAPE ensures your WordPress websites remain secure from critical threats while maintaining optimal performance. Learn more at quape.com.

Athif Quape
