WordPress Plugin Panic: Hackers Exploit Critical Flaw to Nab Admin Accounts
CVE-2025-5947 lets hackers play admin on your WordPress site! Thanks to a flaw in the Service Finder Bookings plugin, attackers can bypass authentication and access any account, including admin. So, unless you fancy a surprise visitor in your digital office, update that plugin pronto!

Hot Take:
In the world of cybersecurity, there’s nothing quite like discovering that your WordPress site has more holes than Swiss cheese. Thanks to the Service Finder Bookings plugin vulnerability, hackers have been having a field day, logging in as admins and wreaking havoc faster than you can say ‘Oops!’ It’s time for WordPress users to take a break from choosing the perfect font and start patching those plugins before their sites become the Wild West of the internet.
Key Points:
– A critical vulnerability in the Service Finder Bookings plugin allows attackers to log in as any user, including admins.
– The flaw, CVE-2025-5947, has a CVSS score of 9.8, indicating its severity.
– The vulnerability is due to improper cookie validation within the service_finder_switch_back() function.
– Wordfence has blocked over 13,800 exploit attempts since the patch’s release.
– Users are advised to check for suspicious activity, especially requests with the ‘switch_back’ parameter.
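
One way to run the log check from the last key point, as an added example (not code from the original article, Wordfence, or the plugin): it scans web server access logs for requests whose query string carries a `switch_back` parameter and groups them by source IP. The Apache/Nginx combined log format is an assumption, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/Nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PARAM = "switch_back"  # parameter named in the key points above

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2025:04:12:01 +0000] "GET /?switch_back=1 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:04:12:03 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Oct/2025:05:00:00 +0000] "GET /?switch%5Fback=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2025:05:01:00 +0000] "GET /blog/?s=switch_back HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def find_switch_back_requests(lines):
    """Return {ip: [(time, method, target, status), ...]} for requests whose
    query string has a switch_back parameter (as a name, not as a value)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        try:
            query = urlsplit(m["target"]).query
        except ValueError:
            continue  # malformed request target
        # parse_qs percent-decodes names, so "switch%5Fback" is caught too;
        # keep_blank_values also catches a bare "?switch_back".
        params = parse_qs(query, keep_blank_values=True)
        if any(name.lower() == PARAM for name in params):
            hits[m["ip"]].append(
                (m["time"], m["method"], m["target"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    for ip, reqs in find_switch_back_requests(SAMPLE_LOG).items():
        print(ip, len(reqs), reqs)
```

Access logs record only the request line, so a parameter sent in a POST body will not show up here. Treat any hit as a lead to follow up with a review of logins and account changes around the same timestamp.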