Information Exposure Vulnerability in Context Blog Theme by WordPress
CVE-2025-12074

5.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
18 February 2026

What is CVE-2025-12074?

The Context Blog theme for WordPress contains a vulnerability that allows unauthenticated attackers to access sensitive information from password-protected, private, or draft posts. This issue arises from inadequate restrictions on the 'context_blog_modal_popup' feature, leading to potential data exposure. Users of versions up to and including 1.2.5 are advised to take appropriate measures to secure their sites and apply necessary updates.

Affected Version(s)

Context Blog 0 <= 1.2.5

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

jason carle
.