Active exploitation of WordPress theme bug underway

BleepingComputer reports that over 13,800 attack attempts aimed at a critical authentication bypass vulnerability in the Service Finder WordPress theme, tracked as CVE-2025-5947, have been launched since the beginning of August. Attempted intrusions against the flaw which could result in privilege escalation, total content and settings control, PHP file uploads, and database exports exceeded 1,500 daily beginning Sept. 23, with most of the attacks that involve HTTP GET requests for user impersonation stemming from only five IP addresses, according to Wordfence. Organizations with websites using Service Finder versions 6.0 and older have been urged to promptly apply version 6.1 of the theme issued in July, as well as blocklist specific IP addresses used in the attacks. All logs and accounts should also be examined for questionable activity that could enable persistence. "The absence of any such log entries does not guarantee that your website has not been compromised," said Wordfence.