A critical vulnerability (CVE-2025-5947) in the Service Finder Bookings plugin for WordPress enables unauthenticated attackers to gain administrative access to affected sites. This flaw underscores the urgent need for prompt patching and highlights ongoing risks associated with insecure plugin design.