Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-accessible via authenticated HTTP request (AV:N, PR:L); no complexity or interaction needed; confidentiality-only impact with no integrity or availability effect.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
AnalysisAI
Sensitive data exposure in the Corpkit WordPress theme (versions <= 1.0.5) allows an authenticated subscriber-level user to retrieve confidential information that should be inaccessible to that role. The CVSS vector (PR:L, C:H) confirms that any low-privileged account holder - the default registered-user role in WordPress - can trigger the disclosure over the network with no additional interaction required. No public exploit code or active exploitation has been identified at time of analysis, but the low barrier of entry (subscriber registration is often open on WordPress sites) elevates real-world risk.
Technical ContextAI
Corpkit is a WordPress theme developed by zozothemes, identified via CPE cpe:2.3:a:zozothemes:corpkit:*:*:*:*:*:*:*:*. WordPress themes can introduce REST API endpoints, AJAX handlers, or template logic that inadvertently expose backend data to authenticated users. CWE-201 (Insertion of Sensitive Information Into Sent Data) indicates the root cause: the theme includes sensitive data in server responses - such as API keys, user metadata, configuration values, or private post content - in a context reachable by subscribers. This class of flaw typically arises when theme developers fail to apply capability checks (e.g., current_user_can()) before returning data in AJAX or REST responses, causing the server to actively transmit privileged information rather than the client inferring it.
RemediationAI
Update the Corpkit theme to a version beyond 1.0.5 as soon as a patched release is available from the zozothemes developer. Patch availability per vendor advisory is referenced via Patchstack at https://patchstack.com/database/wordpress/theme/corpkit/vulnerability/wordpress-corpkit-theme-1-0-5-sensitive-data-exposure-vulnerability - consult this page for the confirmed fix version, which was not independently confirmed in the available data. If an immediate update is not possible, consider disabling public user registration on the WordPress site (Settings > General > uncheck 'Anyone can register') to prevent unauthenticated parties from obtaining the subscriber role needed to exploit this flaw; note this trade-off may impact legitimate site functionality. Additionally, review active subscriber accounts for suspicious activity and audit theme AJAX/REST handlers for missing capability checks as a compensating control.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210401
GHSA-j4cc-7jwr-r3p2