关键漏洞信息 CVE: CVE-2023-41922 CVSS Score: 9.8 (Critical) Published Date: October 8, 2025 Last Updated: October 9, 2025 Researcher: khanhinhnhakl - VNPT Cyber Immunity 漏洞详情 Software Type: Theme Software Slug: search-and-go Patched?: Yes Remediation: Update to version 2.8, or a newer patched version Affected Version: <= 2.7 Patched Version: 2.8 描述 The Search & Go - Directory WordPress Theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the function. This makes it possible for unauthenticated attackers to gain access to other users' accounts, including administrators, when Facebook login is enabled.