KEVIntel

CVSS 9.8 Critical

CVE-2025-5821

PUBLISHED

Case Theme User <= 1.0.3 - Authentication Bypass via Social Login

Exploited in the wild · Remote · Low complexity · No user interaction

Vendor: Case-Themes
Product: Case Theme User
Published: Aug 23, 2025
EPSS: 0.5% (65th percentile)


Description

The Case Theme User plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.3. The plugin does not log the user in with the data that was previously verified through facebook_ajax_login_callback(), so the identity that is verified and the account that is actually logged in can differ. This makes it possible for unauthenticated attackers to log in as administrative users, provided they have an existing account on the site and access to the administrative user's email address.

Tags: wordpress
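The flaw the description names is a mismatch between the identity a social-login callback verifies and the account that is then logged in, which is what the CWE below (authentication bypass via an alternate path or channel) describes. The PHP below is an illustrative example added for this page; it is not code from the Case Theme User plugin or from Case-Themes. The handler names (ctu_demo_*), the user-meta key, the POST field names and the provider call are assumptions. The first handler shows the vulnerable pattern, the second a hardened one that resolves the account only from the provider-verified identity.

```php
<?php
// Illustrative example written for this page, NOT the Case Theme User plugin's
// code. It shows the pattern the description names: a social-login AJAX
// handler verifies one identity with the provider and then logs in a
// *different* account chosen by attacker-controlled request data.
// All names below (ctu_demo_*, meta key, POST fields) are assumptions.

// --- Vulnerable pattern -----------------------------------------------------
// Step 1 verifies an access token with the provider and learns which account
// it belongs to. Step 2 ignores that result and trusts a client-supplied email.
function ctu_demo_vulnerable_login() {
    $token = isset( $_POST['access_token'] ) ? wp_unslash( $_POST['access_token'] ) : '';
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';

    // Passes for ANY valid token the attacker owns (e.g. their own social login).
    $profile = ctu_demo_fetch_profile( $token );
    if ( ! $profile ) {
        wp_send_json_error( 'Invalid token', 401 );
    }

    // BUG: the verified identity ($profile['email']) is never used to choose
    // the account. The request body chooses it, so an attacker who knows the
    // admin's email address is logged in as the admin.
    $user = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( 'No such user', 404 );
    }
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID, true );
    wp_send_json_success( array( 'user_id' => $user->ID ) );
}

// --- Hardened pattern -------------------------------------------------------
function ctu_demo_hardened_login() {
    check_ajax_referer( 'ctu_demo_social_login', 'nonce' );

    $token   = isset( $_POST['access_token'] ) ? wp_unslash( $_POST['access_token'] ) : '';
    $profile = ctu_demo_fetch_profile( $token );
    if ( ! $profile || empty( $profile['id'] ) ) {
        wp_send_json_error( 'Invalid token', 401 );
    }

    // Resolve the account from the provider's stable user id that was stored
    // when the user linked the account, never from request data. Matching on
    // the provider-returned email is weaker: on some providers the email is
    // unverified and attacker-chosen.
    $users = get_users( array(
        'meta_key'   => 'ctu_demo_facebook_id', // assumed meta key set at link time
        'meta_value' => $profile['id'],
        'number'     => 1,
        'fields'     => 'ID',
    ) );
    if ( empty( $users ) ) {
        wp_send_json_error( 'Account not linked', 403 );
    }
    $user_id = (int) $users[0];

    wp_set_current_user( $user_id );
    wp_set_auth_cookie( $user_id, true );
    wp_send_json_success( array( 'user_id' => $user_id ) );
}

// Verifies the token with the provider and returns the profile it belongs to.
// The Graph API call is a placeholder for "ask the provider who owns this
// token"; a real implementation must also confirm the token was issued to THIS
// site's app (token audience), or a token minted for any other app replays here.
function ctu_demo_fetch_profile( $token ) {
    if ( '' === $token ) {
        return null;
    }
    $url  = add_query_arg( array( 'fields' => 'id,email', 'access_token' => $token ),
                           'https://graph.facebook.com/me' );
    $resp = wp_remote_get( $url, array( 'timeout' => 5 ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return null;
    }
    $data = json_decode( wp_remote_retrieve_body( $resp ), true );
    return ( is_array( $data ) && ! empty( $data['id'] ) ) ? $data : null;
}

// Both endpoints must be reachable unauthenticated, as any social login must be;
// that is exactly why the account selection has to come from the verified data.
add_action( 'wp_ajax_nopriv_ctu_demo_vulnerable_login', 'ctu_demo_vulnerable_login' );
add_action( 'wp_ajax_nopriv_ctu_demo_hardened_login', 'ctu_demo_hardened_login' );
```

The point to carry over when reviewing any social-login code, not just this plugin: the only input that may select the WordPress account is the identity the provider vouched for, bound to a local account at link time. Anything the browser sends alongside the token (an email, a username, a user id) is attacker-controlled and must not influence which account receives the auth cookie. For this CVE the operational fix is to update past 1.0.3.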

Weaknesses (CWE)

  • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-11 00:20:49 UTC · Daily CyberSecurity

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: Daily CyberSecurity
Added: 2026-06-11 00:20 UTC (first seen)

Recent mentions

Critical UpdraftPlus CVE-2026-10795 Exploit Targets Millions

Daily CyberSecurity · Jun 10, 2026

Cybersecurity experts recently identified a massive threat to WordPress websites. Specifically, hackers are actively exploiting a critical UpdraftPlus

Related posts:

  • Critical WordPress Plugin Flaw (CVE-2025-7384, CVSS 9.8) Exposes 70,000+ Sites to RCE and Data Loss

  • CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild

  • Critical Flaw in Termix Docker Image (CVE-2025-59951) Leaks SSH Credentials Without Authentication

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel