CVE-2025-5821
Published 2025-08-23
Priority: P187 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In the wild: VulnCheck KEV (exploited in the wild)
EPSS: 0.71% (49.0th percentile)
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebook_ajax_login_callback() function. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, which can easily be created by default through the temp user functionality, and access to the administrative user's email.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| case-themes | case_theme_user | <= 1.0.3 | — |
| craftcms | cms | >= 3.0.0 < 4.16.17 | 4.16.17 |
| craftcms | cms | >= 4.0.0-RC1 < 4.16.17 | 4.16.17 |
| craftcms | cms | >= 5.0.0-RC1 < 5.8.21 | 5.8.21 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ghsa | — | 9.1 | CRITICAL | — |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA · 2026-01-05 · CVSS 9.1
CVE-2025-68455 [CRITICAL] CWE-470: Craft CMS vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior
Note that attackers must have administrator access to the Craft Control Panel for this to work.
Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
Resources:
https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef
https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7
https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
### Summary
This was reported as a vulnerability in Yii framework on August 7th (https://github.com/yiisoft/yii2/security/advisories/GHSA-gcmh-9pjj-7fp4). The Yii framework team deni
GHSA · 2026-01-05
CVE-2025-68456 [HIGH] CWE-202: Unauthenticated Craft CMS users can trigger a database backup
Unauthenticated users can trigger database backup operations via the `updater/backup` action, potentially leading to resource exhaustion or information disclosure.
Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue.
Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes.
References:
https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39
https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821---2025-12-04
## Affected Endpoints
- `POST /admin/actions/updater/backup` (unauthenticated)
## Vulnerability Details
### Root Cause
All `updater/*` actions are explicitly configured with anonymous access:
```php
// BaseUpdaterController.
```
GHSA (unreviewed) · 2025-08-23
CVE-2025-5821 [CRITICAL] CWE-288 GHSA-8v37-q45v-wgrx: The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3
The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.
VulnCheck · 2025 · CVSS 9.8
CVE-2025-5821 [CRITICAL] Authentication Bypass Using an Alternate Path or Channel
Affected: Case-Themes Case Theme User plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations
Citrix · CVSS 7.5
CVE-2006-5821 [HIGH] Citrix Security Bulletin CTX111186
CVE References: CVE-2006-5821, CVE-2006-5861, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.