CVE-2025-5947

CRITICAL EXPLOITED NUCLEI

Service Finder Bookings <6.0 - Privilege Escalation

Title source: llm

Description

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's cookie value prior to logging them in through the service_finder_switch_back() function. This makes it possible for unauthenticated attackers to login as any user including admins.

Exploits (1)

github WORKING POC 1 stars

by M4rgs · remote

https://github.com/M4rgs/CVE-2025-5947_Exploit

View Code ZIP pw:eip

Nuclei Templates (1)

Service Finder Bookings - Authentication Bypass

CRITICALby sedat4ras

References (4)

[Various Sources] https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793

[Third Party Advisory] https://www.vicarius.io/vsociety/posts/cve-2025-5947-detect-wordpress-vulnerability

[Third Party Advisory] https://www.vicarius.io/vsociety/posts/cve-2025-5947-mitigate-wordpress-vulnerability

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/c1fe4f60-d93b-4071-90ae-ac863c17fe19?source=cve

Scores

CVSS v3 9.8

EPSS 0.4621

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-10-07

CWE

CWE-639

Status published

Products (1)

aonetheme/Service Finder Bookings < 6.0

Published Aug 01, 2025

Tracked Since Feb 18, 2026