Authentication Bypass Vulnerability in Service Finder SMS System Plugin for WordPress
CVE-2025-5955

8.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 19 September 2025

What is CVE-2025-5955?

The Service Finder SMS System plugin for WordPress has a critical flaw that allows unauthenticated users to bypass authentication and gain access to user accounts. The vulnerability stems from the plugin failing to verify phone numbers before granting access, which lets malicious actors log in as any user without proper credentials. The flaw affects all versions up to and including 2.0.0 and poses a serious risk to the confidentiality and integrity of user data.

Affected Version(s)

Service Finder SMS System * <= 2.0.0

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Friderika Baranyai