Particle.news

WordPress Service Finder Sites Hit by Mass Exploits of Critical Authentication Bypass

Wordfence reports more than 13,800 attacks since August against unpatched installs.

Overview

  • The flaw, tracked as CVE-2025-5947 with a CVSS score of 9.8, affects the Service Finder Bookings plugin, which is bundled with the premium Service Finder theme.
  • Versions 6.0 and earlier are vulnerable, and Aonetheme released a fix in version 6.1 on July 17, 2025.
  • Improper validation of the original_user_id cookie in the service_finder_switch_back() function allows logins as any user, including administrators.
  • Wordfence has recorded exploitation attempts since August 1, totaling more than 13,800 and including a late-September burst of over 1,500 daily requests.
  • Typical probes send a switch_back=1 GET parameter; thousands of the requests were traced to five IPs (5.189.221.98, 185.109.21.157, 192.121.16.196, 194.68.32.71, 178.125.204.198). Defenders are urged to patch, audit for anomalies, and not to treat IP blocklists or clean-looking logs as assurance that a site was not hit.
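The following is an added example of a log-triage sweep for the probing pattern described above; it is not code from Wordfence, Aonetheme or the Particle.news summary. It assumes a web server writing the common "combined" access-log format, and the log lines it scans are constructed for illustration. It flags every request whose query string carries switch_back=1, regardless of source address, and only annotates the five IPs named in the report rather than filtering on them, since new sources can appear at any time. The original_user_id cookie is not visible in an access log, so this sweep can only surface probes; whether a probe succeeded has to be checked elsewhere (plugin or WAF logs, new or modified administrator accounts, unexpected sessions).

```python
"""
Triage sweep for CVE-2025-5947 probing of the Service Finder Bookings plugin.

Flags access-log requests that carry the switch_back=1 query parameter and
summarises them per source IP. Sample log lines below are constructed.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Source IPs named in the reporting summarised on this page. They are used
# only to annotate hits; any address sending the probe is flagged.
KNOWN_PROBE_IPS = {
    "5.189.221.98", "185.109.21.157", "192.121.16.196",
    "194.68.32.71", "178.125.204.198",
}

# Combined log format:
#   ip - - [time] "METHOD target HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def is_switch_back_probe(target: str) -> bool:
    """True when the request target carries switch_back=1 in its query string."""
    params = parse_qs(urlsplit(target).query)
    return "1" in params.get("switch_back", [])


def scan_access_log(lines):
    """Return (hits, per_ip): flagged requests as dicts, and a hit count per IP."""
    hits = []
    per_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess at its fields
        if not is_switch_back_probe(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "method": m["method"],
            "target": m["target"],
            # 403 means the request was blocked; 200/302 means it reached the app
            "status": int(m["status"]),
            "known_ip": m["ip"] in KNOWN_PROBE_IPS,
        })
        per_ip[m["ip"]] += 1
    return hits, per_ip


# Constructed sample log lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, used here for the addresses not named in the report.
SAMPLE_LOG = """\
5.189.221.98 - - [28/Sep/2025:10:14:02 +0000] "GET /?switch_back=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Sep/2025:10:14:05 +0000] "GET /wp-login.php?switch_back=1 HTTP/1.1" 200 4521 "-" "curl/8.4"
198.51.100.2 - - [28/Sep/2025:10:15:00 +0000] "GET /services/?page=2 HTTP/1.1" 200 1093 "-" "Mozilla/5.0"
5.189.221.98 - - [28/Sep/2025:10:16:11 +0000] "GET /index.php?switch_back=1&foo=bar HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""


if __name__ == "__main__":
    found, counts = scan_access_log(SAMPLE_LOG.splitlines())
    for h in found:
        tag = "known" if h["known_ip"] else "new"
        print(f'{h["time"]} {h["ip"]:<16} {h["status"]} {tag:<5} {h["target"]}')
    print("per-IP totals:", dict(counts))
```

A non-403 status on a flagged line means the request was not blocked at the edge and reached WordPress; on an install still at version 6.0 or earlier that is the case to escalate, while on a patched install it is a record of probing only. An empty result does not clear a site, for the reason the report gives: logs may have rotated, and a successful login through the bypass looks like an ordinary authenticated session once the cookie has been accepted.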