CVE-2025-5804
Received Received - Intake
PHP Local File Inclusion Vulnerability in Case Theme User Plugin

Publication date: 2026-04-10

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a through < 1.0.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-5804
EUVD
EUVD-2025-209401
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
case_themes case_theme_user From 1.0.4 (exc)
case_themes case_theme_user to 1.0.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-5804 is a Local File Inclusion (LFI) vulnerability in the WordPress Case Theme User plugin versions prior to 1.0.4. It allows an attacker to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements.

This vulnerability is classified as high priority with a CVSS score of 7.5 and falls under the OWASP Top 10 category A3: Injection.

Exploitation can be triggered by an unauthenticated user but requires a privileged user to perform an action such as clicking a malicious link, visiting a crafted page, or submitting a form.

Impact Analysis

Successful exploitation of this vulnerability can lead to the attacker including and viewing sensitive local files on the website, such as database credentials.

Depending on the website's configuration, this could result in a complete database takeover.

The vulnerability is highly dangerous and expected to be exploited in mass campaigns targeting many websites regardless of their traffic or popularity.

Compliance Impact

The CVE-2025-5804 vulnerability allows attackers to include and display local files from the target website, potentially exposing sensitive information such as database credentials.

Exposure of sensitive data through this Local File Inclusion vulnerability could lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information.

Therefore, if exploited, this vulnerability may compromise compliance with these common standards and regulations by enabling unauthorized access to protected data.

Detection Guidance

The CVE-2025-5804 vulnerability is a Local File Inclusion (LFI) issue affecting the WordPress Case Theme User Plugin versions prior to 1.0.4. Detection involves monitoring for attempts to include local files via crafted URLs or form submissions targeting the plugin.

Since exploitation can be triggered by visiting a malicious link or submitting a crafted form, network detection can focus on identifying suspicious HTTP requests containing file inclusion patterns or unusual parameters related to the plugin.

Specific commands are not provided in the resources, but common approaches include searching web server logs for suspicious requests or using intrusion detection systems (IDS) with rules to detect LFI attempts.

Mitigation Strategies

The immediate mitigation step is to update the Case Theme User plugin to version 1.0.4 or later, which contains the patch resolving this Local File Inclusion vulnerability.

Until the update can be applied, Patchstack provides a mitigation rule to block attacks exploiting this vulnerability.

Users unable to update immediately are advised to seek assistance from their hosting provider or web developer to apply temporary protections.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5804. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart