Massive Authentication Bypass Flaw Threatens Thousands of WordPress Sites Using Service Finder Theme
John Jordan
Oct 9 (Updated: Oct 10)
A critical security vulnerability in the widely used Service Finder WordPress theme has put over 6,000 websites at risk, allowing attackers to easily bypass authentication and gain administrator-level access. Security experts warn that thousands of exploit attempts have already been observed, highlighting the urgent need for immediate action from site administrators.

Key Takeaways
Over 6,000 websites using Service Finder theme versions 6.0 or earlier are at critical risk.
The vulnerability (CVE-2025-5947) allows unauthenticated attackers to completely take over affected sites.
More than 13,800 exploitation attempts have been detected since August 2025.
Only updating to version 6.1 or later of the theme fully mitigates the threat.
Understanding The Security Flaw
The issue, tracked as CVE-2025-5947 with a CVSS score of 9.8/10, stems from insufficient cookie validation in the Service Finder Bookings plugin bundled with the theme. Attackers can exploit the flaw to switch accounts—escalating their privileges to those of any user, including site administrators. This level of access allows full control, ranging from altering site content to injecting malicious code or stealing sensitive data.
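The article describes the flaw only as insufficient cookie validation in the plugin's account-switch feature, so the following is an added illustration of that defect class and of the usual fix, not the plugin's own code. It is written in Python rather than PHP, and the cookie name `switch_back`, the `SECRET_KEY` value, the `USERS` table and all sample data are assumptions. The weak variant accepts whatever user id the client puts in the cookie; the hardened variant only honors a value that an administrator issued, that carries a server-keyed HMAC over the id and expiry, and that has not expired.

```python
import hashlib
import hmac
import time

# Constructed stand-in for the site's user table (sample data, not the plugin's schema).
USERS = {
    1: {"login": "owner", "role": "administrator"},
    7: {"login": "alice", "role": "subscriber"},
}

# Assumption: a server-side secret comparable to the salts in wp-config.php; never sent to clients.
SECRET_KEY = b"constructed-example-secret"

# Assumption: the account-switch feature keeps its state in a cookie named 'switch_back'.
COOKIE_NAME = "switch_back"


def vulnerable_switch_target(cookies):
    """Weak pattern: the user id the client placed in the cookie is taken as the account to
    switch to. Nothing binds the value to the server, so a client that sets it to '1' becomes
    the administrator."""
    raw = cookies.get(COOKIE_NAME)
    if raw is None:
        return None
    try:
        return USERS.get(int(raw))
    except ValueError:
        return None


def issue_switch_cookie(issuer_id, target_id, ttl_seconds=300, now=None):
    """Hardened pattern, issuing side: only an administrator may start a switch, and the cookie
    carries user id + expiry + HMAC so the client cannot alter the id without breaking the tag."""
    issuer = USERS.get(issuer_id)
    if issuer is None or issuer["role"] != "administrator":
        raise PermissionError("only administrators may switch accounts")
    now = int(time.time()) if now is None else now
    payload = f"{target_id}|{now + ttl_seconds}"
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


def hardened_switch_target(cookies, now=None):
    """Hardened pattern, checking side: reject anything malformed, not signed with the server
    secret, or past its expiry. Only then is the user id looked up."""
    raw = cookies.get(COOKIE_NAME)
    if raw is None:
        return None
    parts = raw.split("|")
    if len(parts) != 3:
        return None
    user_id_str, expires_str, sig = parts
    payload = f"{user_id_str}|{expires_str}"
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how much of the tag matched.
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        user_id, expires = int(user_id_str), int(expires_str)
    except ValueError:
        return None
    now = int(time.time()) if now is None else now
    if now > expires:
        return None
    return USERS.get(user_id)


if __name__ == "__main__":
    forged = {COOKIE_NAME: "1"}
    print("vulnerable:", vulnerable_switch_target(forged))  # administrator, from a forged cookie
    print("hardened:  ", hardened_switch_target(forged))    # None
    legit = {COOKIE_NAME: issue_switch_cookie(1, 7, now=1000)}
    print("legit:     ", hardened_switch_target(legit, now=1100))  # alice
```

The point the two functions make side by side is that a cookie is client-controlled input: a user id stored in it is only trustworthy once the server can prove it wrote that exact value (the HMAC), that it is still current (the expiry), and that a privileged session asked for it (the issuing check).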
Active Exploitation And Targeted IPs
Since the vulnerability was publicly disclosed in July 2025, security companies monitoring WordPress sites have identified an uptick in exploit attempts. Over 13,800 attempts have been recorded since August, with the bulk of attacks originating from just five IP addresses. Administrators are advised that while blocking these known addresses can offer some temporary relief, new sources can quickly emerge.
Table: Top Malicious IPs Targeting Service Finder Theme
How Administrators Should Respond
Site owners running the Service Finder theme should:
Update to version 6.1 (or later) immediately, as earlier versions remain exploitable.
Review server logs for unusual or unexpected login activity.
Block the five known malicious IP addresses, but do not rely solely on this measure.
Audit for any unauthorized administrator accounts that may have been created for persistence.
Ensure all plugins and themes are kept up-to-date to avoid similar risks.
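The checklist above can be turned into a small audit that an administrator runs against their own exports. The script below is an added example, not tooling from the article or the theme vendor: it compares the installed theme version against 6.1, counts login POSTs per source address in a combined-format access log, looks for dashboard requests from a block list, and lists administrator accounts registered after a cutoff date. The log excerpt, the user CSV (in the shape `wp user list --fields=user_login,roles,user_registered --format=csv` produces) and the `BLOCKLIST` entry are all constructed; the article mentions five attacking addresses but does not list them, so the block list is a placeholder to fill in.

```python
import csv
import io
import re
from collections import Counter
from datetime import datetime

# Constructed access-log excerpt in combined log format (sample data, not from any real site).
SAMPLE_LOG = """\
203.0.113.10 - - [08/Oct/2025:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "curl/8.0"
203.0.113.10 - - [08/Oct/2025:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "curl/8.0"
203.0.113.10 - - [08/Oct/2025:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.10 - - [08/Oct/2025:10:00:04 +0000] "GET /wp-admin/ HTTP/1.1" 200 51230 "-" "curl/8.0"
198.51.100.7 - - [08/Oct/2025:11:15:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Oct/2025:11:15:52 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [08/Oct/2025:12:00:00 +0000] "GET / HTTP/1.1" 200 18820 "-" "Mozilla/5.0"
"""

# Constructed user export; the column layout mirrors a wp-cli CSV user list.
SAMPLE_USERS_CSV = """\
user_login,roles,user_registered
owner,administrator,2023-03-12 09:15:00
alice,subscriber,2024-06-01 08:00:00
wp_support,administrator,2025-09-30 14:22:10
"""

# Placeholder block list: replace with the addresses published by your security vendor.
BLOCKLIST = {"203.0.113.10"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
            entries.append(d)
    return entries


def flag_login_activity(entries, threshold=3):
    """Count POSTs to the login endpoint per client and return those at or above threshold."""
    counts = Counter(
        e["ip"] for e in entries
        if e["method"] == "POST" and e["path"].startswith("/wp-login.php")
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


def admin_hits_from_blocklist(entries, blocklist=BLOCKLIST):
    """Dashboard requests from a listed address deserve a closer look in the audit."""
    return [(e["ip"], e["path"]) for e in entries
            if e["ip"] in blocklist and e["path"].startswith("/wp-admin/")]


def find_new_admins(csv_text, since):
    """Administrator accounts registered on or after the cutoff (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    found = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in row["roles"].split(",") and registered >= cutoff:
            found.append(row["user_login"])
    return found


def theme_needs_update(installed, fixed="6.1"):
    """True when the installed version sorts before the first fixed release."""
    to_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return to_tuple(installed) < to_tuple(fixed)


def run_audit(installed_version, log_text=SAMPLE_LOG, users_csv=SAMPLE_USERS_CSV, since="2025-08-01"):
    entries = parse_log(log_text)
    return {
        "theme_needs_update": theme_needs_update(installed_version),
        "suspicious_login_sources": flag_login_activity(entries),
        "blocklist_admin_hits": admin_hits_from_blocklist(entries),
        "new_admin_accounts": find_new_admins(users_csv, since),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run_audit("6.0"), indent=2))
```

The login-POST count is a coarse heuristic: the flaw itself is a cookie bypass rather than password guessing, so the more telling signals are dashboard requests from addresses that never logged in normally and administrator accounts nobody on the team created. Run it with the real theme version, the real log file and a fresh user export, and treat any hit in `new_admin_accounts` as something to verify by hand before deleting.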
Wider Implications For WordPress Users
Given WordPress powers a substantial portion of the web, vulnerabilities in popular themes like Service Finder present a broad attack surface for malicious actors. This incident highlights the importance of rapid patching and ongoing vigilance in website security.
Administrators are urged not to delay applying updates or investigating signs of compromise. As attackers continue to evolve, staying proactive is the best defense against severe breaches.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.
References
Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme, The Hacker News.
A popular WordPress theme has a worrying security flaw which could allow full site takeover - here's what we know, TechRadar.