CVE-2025-5947

Attackers exploiting critical auth-bypass flaw in Service Finder WordPress theme

Cybercrime, News, Risk, Vendors, Vulnerabilities

October 9, 2025

Security researchers at Wordfence say attackers are actively exploiting CVE-2025-5947, a critical authentication-bypass flaw in the Service Finder WordPress theme that can give attackers administrator access; a patch was released in version 6.1 and administrators are urged to update or stop using the theme.