Description
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts.
Problem types
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Product status
Any version
Timeline
| 2026-07-10: | Disclosed |
Credits
Ryoma Nishioka
References
www.wordfence.com/...-3135-45a1-97d2-05fcbbca9e5f?source=cve
themes.trac.wordpress.org/...-blog&new=329636%40context-blog