Critical Authentication Bypass in Service Finder Bookings (CVE-2025-5947) — Patch Now to Prevent Full Site Takeover
Introduction A critical vulnerability in the Service Finder Bookings component used by the Service Finder WordPress theme permits unauthenticated attackers to impersonate any user — including administrators — and fully compromise affected sites. The issue, tracked as CVE-2025-5947, should be treated as an urgent patch-and-audit priority for site owners and hosting providers. Background / Context […]