Platform: wordpress
Component: case-theme-user
Fixed in: 1.0.5
CVE-2025-5804 describes a PHP Local File Inclusion (LFI) vulnerability present in the Case Themes Case Theme User component. This flaw allows an attacker to manipulate file inclusion paths, potentially leading to the execution of arbitrary code on the server. The vulnerability impacts versions of Case Theme User from 0.0.0 through 1.0.4. A patch addressing this issue is available in version 1.0.4.
Successful exploitation of CVE-2025-5804 allows an attacker to read any file accessible to the web server process. This could include configuration files containing database credentials, source code with sensitive information, or even system files. Depending on the files included, an attacker could gain control of the server, execute arbitrary code, or steal sensitive data. The impact is amplified if the server is used to process sensitive data or is part of a critical infrastructure.
Exploitation context for CVE-2025-5804 is currently unknown. The vulnerability is not listed on KEV or EPSS. Public proof-of-concept (POC) code is not readily available. The vulnerability was published on 2026-04-10, suggesting it may be relatively new and not yet actively exploited.
Exploit status
EPSS: 0.07% (22nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-5804 is to immediately upgrade Case Theme User to version 1.0.4 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions to the web server user and implementing strict input validation to prevent malicious file paths from being included. Review and harden the application's file inclusion mechanisms to prevent similar vulnerabilities in the future. After upgrading, confirm the fix by attempting to trigger the vulnerable file inclusion functionality and verifying that it is now blocked.
Update the Case Theme User plugin to a fixed version (higher than 1.0.4) to mitigate the local file inclusion vulnerability. Check the plugin source on wordpress.org for the latest version. Consider implementing additional security measures, such as restricting access to sensitive files.
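To check whether a WordPress installation still carries a release in the affected range (0.0.0 through 1.0.4), the plugin's header can be read from disk. This is an added example, not code from the advisory or from the plugin; it assumes the plugin is installed under `wp-content/plugins/case-theme-user` (the component name above), and the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

SLUG = "case-theme-user"       # component name from this advisory (assumed folder name)
LAST_AFFECTED = (1, 0, 4)      # advisory: affected versions 0.0.0 through 1.0.4

# Matches "Plugin Name: ..." / "Version: ..." lines inside a PHP comment block.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if not found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress only reads the first 8 KiB of a file when parsing headers.
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        fields = {k.lower(): v.strip() for k, v in HEADER.findall(head)}
        if "plugin name" in fields and "version" in fields:
            return fields["version"]
    return None

def parse_version(text):
    """'1.0.4' -> (1, 0, 4); suffixes such as '-beta2' are ignored, short versions padded."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version_text):
    """True when the version falls inside the advisory's affected range."""
    return parse_version(version_text) <= LAST_AFFECTED

def check_site(wp_root):
    """Return (status, version); status is 'absent', 'affected' or 'ok'."""
    version = read_plugin_version(Path(wp_root) / "wp-content" / "plugins" / SLUG)
    if version is None:
        return ("absent", None)
    return ("affected" if is_affected(version) else "ok", version)

if __name__ == "__main__":
    # Usage: python check_ctu.py /var/www/html   (path is a constructed example)
    status, version = check_site(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{SLUG}: {status} (version {version})")
    sys.exit(1 if status == "affected" else 0)
```

The script exits non-zero when an affected version is found, so it can gate a deployment job or feed an inventory scan.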
It's a PHP Local File Inclusion (LFI) vulnerability in Case Themes Case Theme User, allowing attackers to include arbitrary files.
If you are using Case Theme User versions 0.0.0 through 1.0.4, you are potentially affected by this vulnerability.
Upgrade Case Theme User to version 1.0.4 or later to resolve the vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
Currently, there are no publicly known exploits or active exploitation campaigns targeting this vulnerability.
Refer to the National Vulnerability Database (NVD) entry for CVE-2025-5804 for detailed information and updates.