ByteOS Network

Case-Themes

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-5821

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-9.8||CRITICAL

EPSS-0.14% / 34.51%

7 Day CHG~0.00%

Published-23 Aug, 2025 | 06:43

Updated-25 Aug, 2025 | 20:24

Case Theme User <= 1.0.3 - Authentication Bypass via Social Login

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.

Vendor-Case-Themes

Product-Case Theme User

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CVE-2025-32298

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.5||HIGH

EPSS-0.12% / 32.31%

7 Day CHG~0.00%

Published-27 Jun, 2025 | 11:52

Updated-30 Jun, 2025 | 18:38

WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers allows PHP Local File Inclusion. This issue affects CTUsers: from n/a through 1.0.0.

Vendor-Case-Themes

Product-CTUsers

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')