Critical severity9.8NVD Advisory· Published Oct 9, 2025· Updated Apr 15, 2026

CVE-2025-11522

Description

The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the search_and_go_elated_check_facebook_user() function This makes it possible for unauthenticated attackers to gain access to other user's accounts, including administrators, when Facebook login is enabled. CVE-2025-62064 is likely a duplicate of this CVE.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

themeforest.net/item/search-go-modern-smart-directory-theme/15365040nvd
www.wordfence.com/threat-intel/vulnerabilities/id/da590a65-8728-4577-b6e4-ecebc2a2277dnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000