On May 31st, 2025, we received a submission for an Authentication Bypass via Social Login vulnerability in Case Theme User, a WordPress plugin with an estimated 12,000 active installations. The plugin is bundled in multiple premium themes. The vulnerability makes it possible for an unauthenticated attacker to gain access to any account on a site, including accounts used to administer the site, provided the attacker knows, or can find, the email address associated with that account. The vendor released the patched version on August 13th, 2025, and we originally disclosed this vulnerability on August 22nd, 2025. Our records indicate that attackers started exploiting the issue the next day, on August 23rd, 2025. The Wordfence Firewall has already blocked over 20,900 exploit attempts targeting this vulnerability.
The post Attackers Actively Exploiting Critical Vulnerability in Case Theme User Plugin appeared first on Wordfence.