- CVE-2025-5947 lets unauthenticated attackers gain administrator access on sites running the Service Finder WordPress theme, versions 6.0 and earlier
- Over 13,800 exploitation attempts have been observed since August 1; attackers are actively targeting vulnerable sites
- Patching is critical; blocking the five known attacking IPs helps, but does not stop future attacks
Sites running the popular Service Finder Bookings WordPress theme are being actively targeted following the disclosure of a critical authentication bypass vulnerability.
On July 17, Aonetheme released Service Finder version 6.1, which fixed an authentication bypass flaw affecting all versions up to and including 6.0. Because the theme's bundled Service Finder Bookings plugin did not properly validate a user's cookie value before logging them in, unauthenticated attackers could log in as any user, including administrators.
The vulnerability is tracked as CVE-2025-5947 and was assigned a CVSS score of 9.8/10 (critical), since it enables full site takeover, data exfiltration, malware deployment and more.
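The bug class described above, as an added example that is not the plugin's code and not taken from the Wordfence or BleepingComputer write-ups: a "switch back" login handler that trusts a user id read straight from a cookie, next to a hardened version that only honours a server-issued, HMAC-signed, expiring token bound to the current session. The cookie names, the user table, the secret and all function names are assumptions; the logic is modelled in Python rather than the plugin's PHP.

```python
"""
Added example (not the plugin's code). Models an authentication bypass caused by
trusting a cookie value when restoring a user's session, and one way to harden
it. All names, the user table and the secret are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed user table standing in for the WordPress users table.
USERS = {1: "admin", 2: "editor", 7: "customer"}

# Hypothetical server-side secret that would normally come from configuration.
SECRET = b"server-side-secret-from-config"


def vulnerable_switch_back(cookies):
    """Vulnerable pattern: whatever user id the cookie names, that user is logged in.

    An unauthenticated request carrying switch_back_user=1 becomes the admin.
    """
    raw = cookies.get("switch_back_user")
    if raw is None:
        return None
    try:
        uid = int(raw)
    except ValueError:
        return None
    return USERS.get(uid)  # no check that this client was ever that user


def issue_switch_back_token(original_user_id, session_id, ttl=600, now=None):
    """Hardened pattern, step 1: the server mints the token when an admin
    deliberately switches to another account. The client never chooses the uid."""
    now = int(time.time()) if now is None else now
    payload = {"uid": original_user_id, "sid": session_id, "exp": now + ttl}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, separators=(",", ":")).encode()
    ).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + mac


def hardened_switch_back(cookies, current_session_id, now=None):
    """Hardened pattern, step 2: accept the switch only if the token's MAC verifies,
    it has not expired, and it was issued for this very session."""
    token = cookies.get("switch_back_token")
    if not token or "." not in token:
        return None
    body, mac = token.rsplit(".", 1)
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None  # forged or tampered token
    try:
        payload = json.loads(base64.urlsafe_b64decode(body.encode()))
    except (ValueError, UnicodeDecodeError):
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(payload, dict) or payload.get("exp", 0) < now:
        return None  # expired
    if payload.get("sid") != current_session_id:
        return None  # token stolen from, or issued for, another session
    return USERS.get(payload.get("uid"))


def demo():
    """Walk through the bypass against both handlers; returns the outcomes."""
    attacker_cookies = {"switch_back_user": "1", "switch_back_token": "x.y"}
    bypass = vulnerable_switch_back(attacker_cookies)           # "admin"
    blocked = hardened_switch_back(attacker_cookies, "sess-A")  # None
    token = issue_switch_back_token(1, "sess-A", now=1000)
    legit = hardened_switch_back({"switch_back_token": token}, "sess-A", now=1100)
    return bypass, blocked, legit


if __name__ == "__main__":
    print(demo())
```

The hardened version does not trust anything the client sends beyond a token the server itself produced, and it rejects replay across sessions and after expiry; the real fix shipped in Service Finder 6.1 is the only supported remedy for affected sites.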
Thousands of attacks
The theme is sold on the Envato market, which shows it has been purchased more than 6,000 times. According to BleepingComputer, most sites that buy the theme use it actively, so the attack surface is potentially quite large.
In addition, WordPress security company Wordfence says that since August 1 it has observed more than 13,800 attempts to exploit this vulnerability, which means threat actors are well aware of it and are actively hunting for victims. At the time of writing, Wordfence said it had seen more than 200 attacks in the last 24 hours alone.
Such a large number might suggest hundreds of attackers, but the majority of attack requests appear to have come from just five IP addresses.
That makes things a little easier for defenders, since blocking those addresses would stop the bulk of the current attempts. Attackers can always move to new addresses, though, so updating to version 6.1 or later is the only reliable way to address the risk.
Site owners who are concerned about being targeted should also review their logs for suspicious or otherwise unexpected login activity, and check for accounts that threat actors may have created to establish persistence.
Via BleepingComputer