CVE-2025-5955

High CVSS: 8.1

The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it possible for unauthenticated attackers to login as arbitrary users.

Vendor

Product

CWE

CWE-288

Yayın Tarihi

2025-09-19 05:15:33

Güncelleme

2025-09-19 16:00:27

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-288 HIGH 2025

Referanslar

https://themeforest.net/item/service-finder-service-and-business-listing-wordpress-theme/15208793 https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4598a7-d5cf-4553-b29a-659fe288ece9?source=cve