Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin- Expert Perspectives
Threat actors are actively exploiting a critical authentication bypass vulnerability (CVE-2025-5947, CVSS 9.8) in the Service Finder WordPress theme and its bundled Service Finder Bookings plugin. The flaw allows unauthenticated attackers to gain access to any account, including administrators, by exploiting improper cookie validation in the account-switching…