CVE-2025-5947

CRITICAL EXPLOITED NUCLEI

Service Finder Bookings <6.0 - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2025-5947 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including M4rgs, xxconi. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2025-5947, targeting the Service Finder WordPress plugin. The exploit leverages an unauthenticated AJAX endpoint to bypass access controls and escalate privileges to admin.

Description

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.

Exploits (2)

github WORKING POC 1 stars

by M4rgs · remote

https://github.com/M4rgs/CVE-2025-5947_Exploit

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2025-5947, targeting the Service Finder WordPress plugin. The exploit leverages an unauthenticated AJAX endpoint to bypass access controls and escalate privileges to admin.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Service Finder WordPress Plugin

No auth needed

Prerequisites: Target running vulnerable Service Finder plugin · Access to the WordPress admin-ajax.php endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

github WORKING POC

by xxconi · pythonremote

https://github.com/xxconi/CVE-2025-5947

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-5947, an authentication bypass vulnerability in the WordPress Service Finder Bookings plugin. The exploit leverages cookie spoofing to bypass authentication and gain admin access.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: WordPress Service Finder Bookings plugin ≤ 6.0

No auth needed

Prerequisites: WordPress installation · Service Finder Bookings plugin installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed May 30, 2026 Full analysis →

Nuclei Templates (1)

Service Finder Bookings - Authentication Bypass

CRITICALby sedat4ras

References (4)

Core 4

Core References

Various Sources

https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793

Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-5947-detect-wordpress-vulnerability

Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-5947-mitigate-wordpress-vulnerability

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fe4f60-d93b-4071-90ae-ac863c17fe19?source=cve

Scores

CVSS v3 9.8

EPSS 0.6170

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2025-10-07

CWE

CWE-639

Status published

Products (1)

aonetheme/Service Finder Bookings < 6.0

Published Aug 01, 2025

Tracked Since Feb 18, 2026