CVE-2025-5947
📋 TL;DR
The Service Finder Bookings WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, including administrators, by exploiting improper cookie validation. This affects all WordPress sites using the plugin up to version 6.0. Attackers can gain full administrative control of vulnerable WordPress installations.
💻 Affected Systems
- Service Finder Bookings WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with administrative privileges, allowing attackers to install backdoors, steal data, deface websites, or use the site for further attacks.
Likely Case
Attackers gain administrative access to compromise the WordPress site, install malicious plugins/themes, or pivot to other systems.
If Mitigated
With proper network segmentation and monitoring, impact could be limited to the WordPress instance only, but administrative access still provides significant control.
🎯 Exploit Status
Exploitation requires sending crafted requests to the vulnerable endpoint. Public technical details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.1 or later
Vendor Advisory: https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find Service Finder Bookings plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
allDeactivate the vulnerable plugin to prevent exploitation
wp plugin deactivate service-finder-bookings
Block Vulnerable Endpoint
linuxUse web application firewall or .htaccess to block access to the vulnerable function
# Add to .htaccess: RewriteRule ^wp-content/plugins/service-finder-bookings/.*\.php$ - [F,L]
🧯 If You Can't Patch
- Deactivate the Service Finder Bookings plugin immediately
- Implement strict network access controls to limit WordPress admin panel access
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Service Finder Bookings. If version is 6.0 or lower, you are vulnerable.Check Version:
wp plugin get service-finder-bookings --field=versionVerify Fix Applied:
Verify plugin version is 6.1 or higher, or confirm plugin is deactivated/removed.📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts to service_finder_switch_back() function
- Multiple failed login attempts followed by successful admin login from same IP
- User privilege escalation in WordPress logs
Network Indicators:
- HTTP POST requests to /wp-content/plugins/service-finder-bookings/ files with unusual parameters
- Rapid succession of authentication requests
SIEM Query:
source="wordpress" AND (uri_path="*service-finder-bookings*" OR message="*service_finder_switch_back*")🔗 References
- https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fe4f60-d93b-4071-90ae-ac863c17fe19?source=cve
- https://www.vicarius.io/vsociety/posts/cve-2025-5947-detect-wordpress-vulnerability
- https://www.vicarius.io/vsociety/posts/cve-2025-5947-mitigate-wordpress-vulnerability
