Service Finder plugin maintainers security patch release for CVE-2025-5947
Security Patch Release
Summary
Hide ▲
Show ▼
Service Finder Bookings got version 6.1 on July 17, 2025, closing CVE-2025-5947 and reducing takeover risk for affected WordPress sites. The update covered installations running 6.0 and earlier in the Service Finder theme bundle. The flaw was an authentication bypass that could let an unauthenticated attacker reach administrator accounts.
Related Happenings
The vendor security patch release for CVE-2026-8206
Security Patch Release
H score89
First: 03.06.2026 01:12
Last: 03.06.2026 01:12
Sources 1
About this happening:
**Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
The vendor security patch release for CVE-2026-8206
Security Patch ReleaseAbout this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
WP Maps Pro 6.1.1 security patch for CVE-2026-8732
Security Patch Release
H score49
First: 31.05.2026 17:06
Last: 31.05.2026 17:06
Sources 1
About this happening:
**WP Maps Pro 6.1.1** was released to fix **CVE-2026-8732**, giving WordPress administrators a patch for a flaw that enabled **unauthenticated administrator-account creation**. Th...
WP Maps Pro 6.1.1 security patch for CVE-2026-8732
Security Patch ReleaseAbout this happening: **WP Maps Pro 6.1.1** was released to fix **CVE-2026-8732**, giving WordPress administrators a patch for a flaw that enabled **unauthenticated administrator-account creation**. Th...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch Release
H score42
First: 27.05.2026 13:06
Last: 27.05.2026 13:06
Sources 1
About this happening:
LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)
Security Patch ReleaseAbout this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...
Latest development: 16.06.2026 13:47
CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.
Citrix security patch release for CVE-2026-3055
Security Patch Release
H score44
First: 24.03.2026 07:59
Last: 24.03.2026 07:59
Sources 1
About this happening:
Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...
Citrix security patch release for CVE-2026-3055
Security Patch ReleaseAbout this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...
Oracle security patch release for CVE-2026-21992
Security Patch Release
H score44
First: 21.03.2026 12:24
Last: 21.03.2026 12:24
Sources 1
About this happening:
**Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
Oracle security patch release for CVE-2026-21992
Security Patch ReleaseAbout this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
Timeline
-
09.10.2025 09:57 2 articles · 9mo ago
Service Finder Bookings version 6.1 closes CVE-2025-5947
Mitigation Patch UpdateService Finder Bookings maintainers release version 6.1 for the WordPress theme bundle, fixing CVE-2025-5947 and closing the authentication bypass in service_finder_switch_back() that could let an unauthenticated attacker log in as any user, including administrators, on vulnerable sites.
Show sources
- Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme — thehackernews.com — 09.10.2025 09:57
- Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme — thehackernews.com — 09.10.2025 09:57
-
09.10.2025 09:57 1 articles · 9mo ago
Exploitation of CVE-2025-5947 starts against vulnerable Service Finder sites
Exploitation ObservedExploitation targeting CVE-2025-5947 is observed against vulnerable Service Finder Bookings installations, where attackers use the authentication bypass to reach administrator accounts and hijack WordPress sites.
Show sources
- Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme — thehackernews.com — 09.10.2025 09:57
-
09.10.2025 09:57 1 articles · 9mo ago
Technical analysis details Service Finder Bookings authentication bypass
Technical Analysis UpdateTechnical analysis of CVE-2025-5947 describes an authentication bypass in Service Finder Bookings caused by inadequate validation of a user's cookie value before login through service_finder_switch_back(), exposing vulnerable WordPress sites to unauthenticated account takeover.
Show sources
- Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme — thehackernews.com — 09.10.2025 09:57