Primary

Context

Case Theme User WordPress Plugin Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Case Theme User plugin for WordPress, affecting all versions through 1.0.3. The issue arises because the plugin fails to properly log in users with data previously verified through the facebook_ajax_login_callback. This flaw enables unauthenticated attackers to log in as administrative users, provided they have an existing account on the site and access to the administrative user's email.

Impact

Exploitation of this vulnerability allows unauthenticated attackers to gain administrative access to WordPress sites, potentially leading to full control over the site and its content.

Remediation

Users are advised to update the Case Theme User plugin to version 1.0.4 or a newer patched version.

Added: Aug 23, 2025, 7:16 AM

Updated: Aug 23, 2025, 7:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Case Theme User WordPress Plugin Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating