CVE-2025-5821
BaseFortify
Publication date: 2025-08-23
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | case_theme_user_plugin | 1.0.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Case Theme User plugin for WordPress up to version 1.0.3. It is an authentication bypass issue caused by the plugin not properly logging in users after their data has been verified through the facebook_ajax_login_callback() function. This flaw allows unauthenticated attackers who have an existing account on the site and access to an administrative user's email to log in as that administrative user.
How can this vulnerability impact me?
The vulnerability can have severe impacts as it allows attackers to bypass authentication and gain administrative access to the WordPress site. This means attackers can fully control the site, potentially leading to data theft, site defacement, unauthorized changes, and disruption of services.