Critical vulnerability in WordPress "Service Finder" theme: Attackers can take over administrator accounts

A critical vulnerability detected in the reservation module of the "Service Finder" theme used on WordPress-based sites allows attackers to access administrator accounts without authentication.

Oct 10, 2025 - 12:00

A critical security vulnerability has been detected in the reservation module in the WordPress theme “Service Finder”.

According to experts, the vulnerability is caused by a flaw in the function “service_finder_switch_back()”.

Cybersecurity researchers state that the vulnerability allows malicious actors to change content, update passwords, add malicious code, or use the site in phishing and malware campaigns.

Scope and Risks
The vulnerability affects all versions of the “Service Finder” theme up to version 6.0.

According to security reports, requests from IP addresses 5.189.221.98, 185.109.21.157, 192.121.16.196, 194.68.32.71 and 178.125.204.198 were detected in the attack attempts.
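A way to check a site's own access logs for the source addresses listed above, as an added example that is not part of the original article. It assumes the common/combined access log format; the sample log lines are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Source addresses reported in the article.
REPORTED_IPS = {ipaddress.ip_address(a) for a in (
    "5.189.221.98", "185.109.21.157", "192.121.16.196",
    "194.68.32.71", "178.125.204.198",
)}

# Assumed format: client ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)

def normalize(client):
    """Parse the client field; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return None  # hostname or garbage in the client field
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def triage(lines):
    """Group requests from reported addresses: {ip: [(time, request, status)]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip = normalize(m["client"])
        if ip in REPORTED_IPS:
            hits[str(ip)].append((m["time"], m["request"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (not taken from a real incident).
SAMPLE = [
    '5.189.221.98 - - [10/Oct/2025:09:14:02 +0000] "GET /?example=1 HTTP/1.1" 302 0 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2025:09:14:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '::ffff:194.68.32.71 - - [10/Oct/2025:09:15:40 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, reqs in triage(SAMPLE).items():
        print(ip, reqs)
```

If the site sits behind a proxy or CDN, the client field holds the proxy's address, so the same check has to be run against the forwarded client address that the proxy logs.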

Precautions to be Taken
Experts recommend switching to version 6.0 or later of the theme, reviewing all user accounts and permissions, and enabling a web application firewall (WAF) or a security plugin such as Wordfence.

If the system is to be restored from backup, make sure the backups used come from a clean and reliable source.


Source: Beykozun Sesi
