Critical flaw in WordPress Service Finder theme allows authentication bypass.
A critical security vulnerability, tracked as CVE-2025-5947, has been identified in the Service Finder WordPress theme. It allows hackers to bypass authentication and potentially gain control over any account, including those of administrators. Discovered by researcher Foxyyy, the flaw stems from inadequate validation of user cookie values, which leads to privilege escalation. Since August 1, 2025, over 13,800 exploitation attempts have been recorded, making it urgent for site administrators to update to version 6.1, released on July 17, 2025. This incident underscores the importance of keeping software up to date and staying vigilant against unauthorized access, as such vulnerabilities can lead to significant risks, including data breaches and the distribution of malware.