Plateforme
wordpress
Composant
case-theme-user
Corrigé dans
1.0.5
La vulnérabilité CVE-2025-5804 est une faille d'inclusion de fichiers locaux (LFI) dans le composant Case Theme User. Cette vulnérabilité permet à un attaquant d'inclure des fichiers locaux arbitraires, ce qui peut entraîner la divulgation d'informations sensibles ou l'exécution de code malveillant. Elle affecte les versions de Case Theme User comprises entre 1.0.0 et 1.0.4. Une version corrigée, 1.0.4, est disponible.
The primary impact of this LFI vulnerability is the potential for remote code execution (RCE). By crafting malicious file inclusion requests, an attacker can include sensitive system files, configuration files, or even PHP scripts. Successful exploitation could allow an attacker to read sensitive data, modify application behavior, or gain complete control over the affected server. The attacker could potentially escalate privileges and move laterally within the network if the server has access to other resources. This vulnerability shares similarities with other LFI exploits where attackers leverage the ability to include arbitrary files to compromise the system.
CVE-2025-5804 was published on 2026-04-10. The vulnerability's severity is rated as HIGH with a CVSS score of 7.5. Currently, there are no publicly known Proof-of-Concept (POC) exploits. The EPSS score is pending evaluation. There are no indications of active exploitation campaigns targeting this vulnerability at this time. Refer to the NVD (National Vulnerability Database) for updates and further information.
Statut de l'Exploit
EPSS
0.07% (percentile 22%)
CISA SSVC
The recommended mitigation for CVE-2025-5804 is to immediately upgrade Case Theme User to version 1.0.4 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. These may include restricting file access permissions, implementing input validation to sanitize file paths, and configuring a Web Application Firewall (WAF) to block suspicious file inclusion attempts. Specifically, WAF rules should be configured to detect and block requests containing potentially malicious file paths. Monitor system logs for unusual file access patterns that might indicate exploitation attempts. After upgrading, confirm the fix by attempting a file inclusion request with a known malicious path; the request should be blocked or result in an error.
Actualice el plugin Case Theme User a una versión corregida (superior a 1.0.4) para mitigar la vulnerabilidad de inclusión de archivos locales. Verifique la fuente del plugin en wordpress.org para obtener la última versión. Considere implementar medidas de seguridad adicionales, como restringir el acceso a archivos sensibles.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
C'est une vulnérabilité PHP Local File Inclusion (LFI) dans Case Theme User, permettant l'inclusion de fichiers locaux.
Oui, si vous utilisez Case Theme User versions 1.0.0 à 1.0.4, vous êtes potentiellement affecté.
Mettez à jour Case Theme User vers la version 1.0.4 ou supérieure.
Vecteur CVSS
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.