A critical authentication-bypass vulnerability in the Service Finder “Bookings” plugin/theme (affecting versions up to 6.0) allows unauthenticated attackers to take over accounts — including administrator accounts — on vulnerable WordPress sites. Multiple security researchers and vendors have confirmed active exploitation in the wild. If your site uses the Service Finder theme or bundled Bookings plugin, update to the fixed release immediately (or remove the plugin) and follow the emergency checklist below.