A critical vulnerability in the WordPress Case Theme User plugin allows attackers to take over any user account, including administrators, by bypassing Facebook login verification with a known email address. Exploitation attempts are already underway, targeting thousands of vulnerable sites, and attackers are actively searching for administrative accounts. Immediate patching to version 1.0.4 is essential to prevent site compromise.