Service Finder plugin maintainers release security patch for CVE-2025-5947

Security Patch Release
Happening score: 50
1 unique source, 1 article

Summary

Service Finder Bookings version 6.1 was released on July 17, 2025, closing CVE-2025-5947 and reducing takeover risk for affected WordPress sites. The fix applies to installations running version 6.0 and earlier in the Service Finder theme bundle. The flaw was an authentication bypass that could let an unauthenticated attacker reach administrator accounts.

Timeline

  1. 09.10.2025 09:57 2 articles · 7mo ago

    Service Finder Bookings version 6.1 closes CVE-2025-5947

    Mitigation Patch Update

    Service Finder Bookings maintainers release version 6.1 for the WordPress theme bundle, fixing CVE-2025-5947 and closing the authentication bypass in service_finder_switch_back() that could let an unauthenticated attacker log in as any user, including administrators, on vulnerable sites.

  2. 09.10.2025 09:57 1 article · 7mo ago

    Exploitation of CVE-2025-5947 starts against vulnerable Service Finder sites

    Exploitation Observed

    Exploitation targeting CVE-2025-5947 is observed against vulnerable Service Finder Bookings installations, where attackers use the authentication bypass to reach administrator accounts and hijack WordPress sites.

  3. 09.10.2025 09:57 1 article · 7mo ago

    Technical analysis details Service Finder Bookings authentication bypass

    Technical Analysis Update

    Technical analysis of CVE-2025-5947 describes an authentication bypass in Service Finder Bookings caused by inadequate validation of a user's cookie value before login through service_finder_switch_back(), exposing vulnerable WordPress sites to unauthenticated account takeover.
