VYPR

Case Theme User

by WordPress

CVEs (2)

  • CVE-2025-5821CriAug 23, 2025
    risk 0.64cvss 9.8epss 0.01

    The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebook_ajax_login_callback() function.…

  • CVE-2025-5804HigApr 10, 2026
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a through < 1.0.4.