Skip to main content

Context Blog

1 CVEs product

Monthly

CVE-2026-6801 MEDIUM This Month

Context Blog WordPress theme (all versions through 1.3.5) exposes the full content of password-protected posts to unauthenticated remote attackers through the `context_blog_modal_popup` component, effectively bypassing WordPress's native content-gating mechanism. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivially low exploitation complexity with no authentication or user interaction required. No public exploit code or active exploitation has been identified at time of analysis, and real-world impact is bounded entirely by what site owners store behind password-protected posts.

WordPress Information Disclosure Context Blog
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Context Blog WordPress theme (all versions through 1.3.5) exposes the full content of password-protected posts to unauthenticated remote attackers through the `context_blog_modal_popup` component, effectively bypassing WordPress's native content-gating mechanism. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms trivially low exploitation complexity with no authentication or user interaction required. No public exploit code or active exploitation has been identified at time of analysis, and real-world impact is bounded entirely by what site owners store behind password-protected posts.

WordPress Information Disclosure Context Blog
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy