CVE-2025-12074

Medium CVSS: 5.3

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

Vendor

Product

CWE

CWE-200

Yayın Tarihi

2026-02-18 05:16:16

Güncelleme

2026-02-18 17:51:53

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-200 MEDIUM 2026

Referanslar

https://themes.svn.wordpress.org/context-blog/1.2.1/inc/ajax/modal-popup.php https://themes.trac.wordpress.org/changeset/297968/ https://wordpress.org/themes/context-blog/ https://www.postmagthemes.com/downloads/context-blog-free-wordpress-theme/ https://www.wordfence.com/threat-intel/vulnerabilities/id/25552fdb-c55b-4390-a614-7c007c5fe7b1?source=cve