Authentication Bypass Vulnerability in Case Theme User Plugin for WordPress
CVE-2025-5821
What is CVE-2025-5821?
CVE-2025-5821 is an authentication bypass vulnerability in the Case Theme User plugin for WordPress, affecting all versions up to and including 1.0.3. The flaw sits in the plugin's Facebook login flow: the facebook_ajax_login_callback() function does not adequately verify the identity of the user it is asked to log in before establishing a WordPress session for that user. As a result, an unauthenticated attacker who knows the email address of an existing account, including an administrator account, can be logged in as that user without supplying its password. Administrative access obtained this way allows alteration of site content, manipulation of user accounts and installation of malicious plugins or themes, and therefore poses a substantial risk to the integrity of the site and the confidentiality of its data.
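To make the class of flaw concrete, the following is an added illustration written for this page; it is not code from the Case Theme User plugin or from its fix. It contrasts a hypothetical social-login AJAX handler that trusts a client-supplied email (the pattern an authentication bypass of this type relies on) with a hardened handler that takes the email from a server-side verified Facebook access token instead. The AJAX action names, the EXAMPLE_FB_APP_ID / EXAMPLE_FB_APP_SECRET constants and the request parameter names are assumptions; the WordPress functions and the Facebook Graph API endpoints used are real.

```php
<?php
/**
 * Illustrative only: a hypothetical social-login AJAX handler in the style
 * of a WordPress plugin. Not the Case Theme User plugin's code; it shows the
 * general "log the user in by the email the client sent" pattern and a fix.
 */

// --- Vulnerable pattern --------------------------------------------------
// The handler trusts the email in the POST body. Anyone who knows an existing
// account's email address gets that account's session, so an unauthenticated
// caller can become an administrator.
function example_vulnerable_facebook_login() {
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $user  = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    // No proof that the caller controls this email: identity is taken on
    // faith, which is the authentication bypass.
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'redirect' => home_url() ) );
}
// Hypothetical action name; registered for logged-out users (nopriv).
add_action( 'wp_ajax_nopriv_example_fb_login', 'example_vulnerable_facebook_login' );

// --- Hardened pattern ----------------------------------------------------
// The client sends only the Facebook access token. The server asks Facebook
// which app issued the token and who it belongs to, then looks up the local
// account by the email Facebook returned, never by an email from the request.
function example_hardened_facebook_login() {
    check_ajax_referer( 'example_fb_login', 'nonce' ); // CSRF protection only; not the identity check

    $token = sanitize_text_field( wp_unslash( $_POST['access_token'] ?? '' ) );
    if ( '' === $token ) {
        wp_send_json_error( 'missing token', 400 );
    }

    // Assumed site configuration: the Facebook app this site trusts.
    $app_id     = defined( 'EXAMPLE_FB_APP_ID' ) ? EXAMPLE_FB_APP_ID : '';
    $app_secret = defined( 'EXAMPLE_FB_APP_SECRET' ) ? EXAMPLE_FB_APP_SECRET : '';

    // 1. Confirm the token is valid and was issued to OUR app. Without this,
    //    a token minted by any Facebook app the attacker controls would pass.
    $debug = wp_remote_get( add_query_arg( array(
        'input_token'  => $token,
        'access_token' => $app_id . '|' . $app_secret,
    ), 'https://graph.facebook.com/debug_token' ), array( 'timeout' => 10 ) );
    $debug_data = is_wp_error( $debug ) ? null : json_decode( wp_remote_retrieve_body( $debug ), true );
    if ( empty( $debug_data['data']['is_valid'] )
        || (string) ( $debug_data['data']['app_id'] ?? '' ) !== (string) $app_id ) {
        wp_send_json_error( 'token rejected', 401 );
    }

    // 2. Ask Facebook for the identity behind the token. The email now comes
    //    from the identity provider, not from the attacker-controlled request.
    $me = wp_remote_get( add_query_arg( array(
        'fields'       => 'id,email',
        'access_token' => $token,
    ), 'https://graph.facebook.com/me' ), array( 'timeout' => 10 ) );
    $profile = is_wp_error( $me ) ? null : json_decode( wp_remote_retrieve_body( $me ), true );
    if ( empty( $profile['email'] ) || ! is_email( $profile['email'] ) ) {
        wp_send_json_error( 'no verified email', 401 );
    }

    $user = get_user_by( 'email', $profile['email'] );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }

    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'redirect' => home_url() ) );
}
add_action( 'wp_ajax_nopriv_example_fb_login_secure', 'example_hardened_facebook_login' );
```

Two points of the hardened handler are worth keeping in mind when reviewing any social-login plugin. First, the nonce check does nothing against this bug class: a nonce proves the request came from the site's own page, not that the caller owns the account, so the identity must be established by verifying the token with the identity provider server-side. Second, the debug_token step matters as much as the /me lookup: an access token is only evidence of identity for the app it was issued to, so the handler must confirm the app_id matches its own before trusting the email in the profile response.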
Potential impact of CVE-2025-5821
- Unauthorized Administrative Access: An attacker can use this vulnerability to log in as an administrative user, gaining control over site settings, content management and user permissions, which amounts to a complete compromise of the website.
- Data Breaches: With administrative access, a threat actor can read sensitive data such as user records and unpublished or proprietary content, leading to privacy and compliance violations.
- Malicious Modifications and Malware Deployment: An attacker can add malicious scripts, plugins or themes, or modify existing content to serve malware to visitors, harming the site's users and reputation and creating financial and operational consequences, including a persistent foothold that survives a later plugin update.
Affected Version(s)
Case Theme User: all versions <= 1.0.3