All news with #service finder tag
Wed, October 8, 2025
Critical auth bypass in Service Finder WordPress theme
🔒 A critical authentication bypass in the Service Finder WordPress theme (tracked as CVE-2025-5947) is being actively exploited to obtain administrator access. The flaw affects versions 6.0 and older and results from improper validation of the original_user_id cookie in the service_finder_switch_back() function. Aonetheme released a patch in version 6.1 on July 17; site operators should update immediately or discontinue use.