{
  "name": "Attackers Actively Exploiting Critical Vulnerability in Service Finder Bookings Plugin",
  "slug": "attackers-actively-exploiting-critical-vulnerability-in-service-finder-bookings-plugin",
  "description": "On June 8th, 2025, we received a submission through our Bug Bounty Program for an Authentication Bypass vulnerability in Service Finder Bookings, a WordPress plugin bundled with the Service Finder theme. This theme has been sold to approximately 6,000 customers. This vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site including accounts with the \u2018administrator\u2019 role. The vendor released the patched version on July 17, 2025, and we publicly disclosed this vulnerability on July 31, 2025.",
  "published": "2025-10-09T14:54:10+00:00",
  "created_at": "2025-10-09T14:54:10+00:00",
  "modified_at": "2025-10-09T15:00:37+00:00",
  "created_at_opencti": "2025-10-09T14:54:10+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-10-09",
    "authentication bypass",
    "exploit",
    "service finder",
    "service finder bookings",
    "vulnerability",
    "wordfence",
    "wordpress"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "178.125.204.198"
      },
      {
        "id": "",
        "name": "194.68.32.71"
      },
      {
        "id": "",
        "name": "192.121.16.196"
      },
      {
        "id": "",
        "name": "185.109.21.157"
      },
      {
        "id": "",
        "name": "5.189.221.98"
      }
    ],
    "attack_patterns": [
      {
        "id": "7fbd468f-f4d7-40f6-ae04-befb34b85e4c",
        "name": "T1506"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.wordfence.com/blog/2025/10/attackers-actively-exploiting-critical-vulnerability-in-service-finder-bookings-plugin/",
    "https://otx.alienvault.com/pulse/68e7e8b4e4ba51db6e3330ef"
  ]
}