Search & Go Directory WordPress Theme Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability allowing authentication bypass and account takeover has been identified in the Search & Go - Directory WordPress Theme, affecting all versions through 2.7. This issue arises from inadequate user validation in the 'search_and_go_elated_check_facebook_user()' function, enabling unauthenticated attackers to access the accounts of other users, including administrators, when Facebook login is activated.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts, including those of administrators, potentially leading to further privilege escalation.

Remediation

Users are advised to update the theme to version 2.8 or a newer patched version.
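To find installs that still need this update, the following added example (not part of the advisory or the theme's own code) scans a wp-content/themes directory and reports copies of the theme below 2.8, along with any child themes that load them. It assumes the theme's style.css "Theme Name" header contains "Search & Go"; the directory names in the sample tree are constructed.

```python
import re, sys, tempfile
from pathlib import Path

FIXED = (2, 8)             # first patched version named in the advisory
NAME_HINT = "search & go"  # assumption: appears in the theme's "Theme Name" header

def read_header(style_css):
    """Parse the header comment of a theme's style.css into a dict."""
    text = Path(style_css).read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    pattern = r"^[ \t/*#@]*([A-Za-z ]+?)[ \t]*:[ \t]*(.+?)[ \t\r]*$"
    for key, val in re.findall(pattern, text, re.M):
        fields.setdefault(key.lower(), val)   # first occurrence wins
    return fields

def parse_version(v):
    """'2.7.1' -> (2, 7, 1); a missing or odd version sorts lowest, so it is flagged."""
    m = re.match(r"\d+(?:\.\d+)*", v.strip())
    return tuple(int(p) for p in m.group().split(".")) if m else (0,)

def audit(themes_dir):
    """Return (directory, version, child_theme_dirs) for each install below FIXED."""
    headers = {css.parent.name: read_header(css)
               for css in Path(themes_dir).glob("*/style.css")}
    findings = []
    for slug, h in sorted(headers.items()):
        # A child theme runs its parent's PHP, so only the parent's version matters.
        if "template" in h or NAME_HINT not in h.get("theme name", "").lower():
            continue
        if parse_version(h.get("version", "")) < FIXED:
            kids = sorted(s for s, c in headers.items() if c.get("template") == slug)
            findings.append((slug, h.get("version", "?"), kids))
    return findings

def demo():
    """Constructed sample tree: an old parent, its child theme, a patched copy."""
    root = Path(tempfile.mkdtemp())
    sample = {
        "parent-old": "/*\nTheme Name: Search & Go\nVersion: 2.7\n*/",
        "site-child": "/*\nTheme Name: Site Child\nTemplate: parent-old\nVersion: 9.0\n*/",
        "parent-new": "/*\r\n Theme Name: Search & Go\r\n Version: 2.8\r\n*/",
    }
    for slug, css in sample.items():
        (root / slug).mkdir()
        (root / slug / "style.css").write_bytes(css.encode("utf-8"))
    return audit(root)

if __name__ == "__main__":
    for row in (audit(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print("VULNERABLE: %s version %s (child themes: %s)" % row)
```

Run it with the path to wp-content/themes as the only argument; with no argument it scans the constructed sample tree.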

Added: Oct 9, 2025, 8:18 AM
Updated: Oct 9, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.