Service Finder WordPress theme authentication bypass (CVE-2025-5947, actively exploited)
Vulnerability
Summary
Actively exploited CVE-2025-5947 puts sites running version 6.0 or older of the Service Finder WordPress theme at risk of administrator takeover. The flaw is an authentication bypass caused by improper validation of the original_user_id cookie in service_finder_switch_back(). Aonetheme fixed the issue in version 6.1, but unpatched sites can still be logged into without authentication.
Related Happenings
Fortinet FortiWeb WAF authentication bypass flaw actively exploited
Vulnerability
First: 14.11.2025 11:00
Last: 14.11.2025 11:00
Sources 1
About this happening:
**Fortinet FortiWeb WAF** is under **active in-the-wild exploitation** for an **authentication bypass** that can let attackers **take over admin accounts** and **fully compromise...
JobMonster WordPress theme authentication bypass (CVE-2025-5397)
Vulnerability
First: 04.11.2025 09:49
Last: 04.11.2025 09:49
Sources 1
About this happening:
**CVE-2025-5397** in the **JobMonster WordPress theme** is being actively exploited to bypass authentication and hijack **administrator accounts** on sites with **social login** e...
Service Finder WordPress theme active auth bypass exploitation wave (CVE-2025-5947)
Exploitation Wave
First: 08.10.2025 18:57
Last: 08.10.2025 18:57
Sources 1
How related:
The WordPress security company said it has observed exploitation activity targeting CVE-2025-5947 since August 1, 2025, with over 13,800 attempts detected to date.
About this happening:
**CVE-2025-5947** is being exploited at scale against the **Service Finder WordPress theme**, with attackers using an authentication bypass to log in as administrators and take ov...
Timeline
- 08.10.2025 18:57 · 1 article
Aonetheme ships Service Finder 6.1 fix
Mitigation Patch Update: Aonetheme releases Service Finder version 6.1 to address CVE-2025-5947, closing the improper validation flaw in the original_user_id cookie inside service_finder_switch_back().
Sources:
- Hackers exploit auth bypass in Service Finder WordPress theme — www.bleepingcomputer.com — 08.10.2025 18:57
- 08.10.2025 18:57 · 2 articles
Active exploitation begins against Service Finder
Exploitation Observed: Threat actors begin actively exploiting CVE-2025-5947 against Service Finder sites, using requests with switch_back=1 to impersonate existing users and gain administrator access without authentication.
Sources:
- Hackers exploit auth bypass in Service Finder WordPress theme — www.bleepingcomputer.com — 08.10.2025 18:57
- Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme — thehackernews.com — 09.10.2025 09:57
- 08.10.2025 18:57 · 2 articles
Service Finder attacks surge in volume
Campaign Scope Update: Wordfence observes a surge of more than 1,500 attack attempts per day beginning September 23, with thousands of requests coming from five IP addresses and more than 13,800 exploit attempts overall.
Sources:
- Hackers exploit auth bypass in Service Finder WordPress theme — www.bleepingcomputer.com — 08.10.2025 18:57
- 08.06.2025 03:00 · 1 article
Foxyyy reports Service Finder auth bypass
Initial Disclosure: Security researcher Foxyyy reports CVE-2025-5947 through Wordfence's bug bounty program, identifying an authentication bypass in the Service Finder WordPress theme that can let an attacker log in as any user, including an administrator.
Sources:
- Hackers exploit auth bypass in Service Finder WordPress theme — www.bleepingcomputer.com — 08.10.2025 18:57