PT-2025-31598 · WordPress · Service Finder Bookings

Friderika Baranyai · Published 2025-07-31 · Updated 2026-03-31 · CVE-2025-5947

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Service Finder Bookings plugin for WordPress, versions up to and including 6.0
Description: The Service Finder Bookings plugin for WordPress is susceptible to privilege escalation via an authentication bypass. The plugin does not properly validate a user's cookie value before granting access through the service_finder_switch_back() function, which allows unauthenticated attackers to log in as any user, including administrators. Over 13,800 exploit attempts have been detected since August, with over 1,500 daily attacks observed since late September.
Recommendations: Update to Service Finder Bookings version 6.1 to address this vulnerability.
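As an added illustration of the mitigation (this is not the plugin's code; the function, cookie and nonce names are hypothetical), a "switch back" handler that binds the cookie to a server-side HMAC and an expiry, so a user id supplied in a cookie cannot by itself be turned into a login:

```php
<?php
// Hypothetical hardened "switch back" handler for a WordPress plugin.
// Not the Service Finder Bookings code; all names are illustrative.
define( 'DEMO_SWITCH_COOKIE', 'demo_original_user' );
define( 'DEMO_SWITCH_TTL', 4 * HOUR_IN_SECONDS );

// Issue the cookie when an administrator switches into another account.
// The value is "user_id|expires|hmac" so it cannot be forged or replayed past expiry.
function demo_issue_switch_cookie( int $original_user_id ): void {
    $expires = time() + DEMO_SWITCH_TTL;
    $payload = $original_user_id . '|' . $expires;
    $mac     = hash_hmac( 'sha256', $payload, wp_salt( 'auth' ) );
    setcookie( DEMO_SWITCH_COOKIE, $payload . '|' . $mac, [
        'expires' => $expires, 'path' => COOKIEPATH, 'domain' => COOKIE_DOMAIN,
        'secure' => is_ssl(), 'httponly' => true, 'samesite' => 'Lax',
    ] );
}

// Returns the original user id only if the cookie is intact, unexpired and
// was minted by this server with its own secret; otherwise 0.
function demo_validate_switch_cookie( string $cookie ): int {
    $parts = explode( '|', $cookie );
    if ( count( $parts ) !== 3 ) {
        return 0;
    }
    [ $user_id, $expires, $mac ] = $parts;
    if ( ! ctype_digit( $user_id ) || ! ctype_digit( $expires ) || (int) $expires < time() ) {
        return 0;
    }
    $expected = hash_hmac( 'sha256', $user_id . '|' . $expires, wp_salt( 'auth' ) );
    // Constant-time comparison so a forged MAC does not leak through timing.
    return hash_equals( $expected, $mac ) ? (int) $user_id : 0;
}

// The vulnerable pattern trusts the user id in the cookie directly; this version
// requires an authenticated session, a valid MAC and a nonce on the request.
function demo_switch_back(): void {
    if ( ! is_user_logged_in() || ! isset( $_COOKIE[ DEMO_SWITCH_COOKIE ] ) ) {
        wp_die( 'Not allowed.', 403 );
    }
    check_admin_referer( 'demo_switch_back' ); // CSRF protection for the action
    $original = demo_validate_switch_cookie( wp_unslash( $_COOKIE[ DEMO_SWITCH_COOKIE ] ) );
    if ( 0 === $original || ! get_userdata( $original ) ) {
        wp_die( 'Invalid switch-back token.', 403 );
    }
    wp_set_auth_cookie( $original );
    setcookie( DEMO_SWITCH_COOKIE, '', time() - 3600, COOKIEPATH, COOKIE_DOMAIN );
}
```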

Fix · LPE · IDOR

Weakness Enumeration

Related Identifiers

BDU:2025-13638
CVE-2025-5947

Affected Products

Service Finder Bookings