CVE-2025-11522
📋 TL;DR
This vulnerability allows unauthenticated attackers to bypass authentication and take over any user account, including administrator accounts, in WordPress sites using the Search & Go theme with Facebook login enabled. All WordPress administrators using this theme up to version 2.7 are affected.
💻 Affected Systems
- Search & Go - Directory WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise where attackers gain administrator access, install backdoors, steal sensitive data, deface the site, or use it for further attacks.
Likely Case
Attackers gain administrative privileges and compromise the WordPress installation, potentially leading to data theft, malware injection, or site takeover.
If Mitigated
If Facebook login is disabled, the vulnerability cannot be exploited, though the underlying code flaw remains.
🎯 Exploit Status
The vulnerability is in a specific function with insufficient validation, making exploitation straightforward for attackers who understand the flaw.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.8 or later
Vendor Advisory: https://themeforest.net/item/search-go-modern-smart-directory-theme/15365040
Restart Required: No
Instructions:
1. Update the Search & Go theme to version 2.8 or later via WordPress admin panel. 2. Verify the update completed successfully. 3. Clear any caching plugins or server caches.
🔧 Temporary Workarounds
Disable Facebook Login
allTemporarily disable Facebook login functionality in the theme settings to prevent exploitation.
Navigate to WordPress admin > Search & Go theme settings > Social Login > Disable Facebook login
🧯 If You Can't Patch
- Immediately disable Facebook login functionality in theme settings
- Consider temporarily disabling or replacing the theme entirely
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Appearance > Themes to see if Search & Go theme is installed and if version is 2.7 or lower.Check Version:
Check theme version in WordPress admin panel or inspect theme's style.css file for Version: headerVerify Fix Applied:
Verify theme version is 2.8 or higher in WordPress admin > Appearance > Themes.📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts via Facebook login endpoints
- Multiple failed login attempts followed by successful admin login from new IP
Network Indicators:
- HTTP requests to /wp-content/themes/search-and-go/ Facebook authentication endpoints with unusual parameters
SIEM Query:
source="wordpress.log" AND ("search_and_go_elated_check_facebook_user" OR "facebook_user" OR "fb_login") AND status=200