Cornerstone
Sensitive information disclosure in the premium Cornerstone page builder (bundled with the X theme) versions 3.0.0 through 7.8.7 allows any authenticated WordPress user to extract raw password hashes and other private user metadata. The CSS-preview request handler fails to enforce capability checks while exposing its required nonce on every wp-admin page, and publicly available exploit code exists per WPScan, though no active exploitation has been reported.
Authenticated information disclosure in the premium Cornerstone page builder (bundled with the X WordPress theme) before version 7.8.9 allows any logged-in user to enumerate other users' metadata via an unprotected REST API route. Disclosed data includes roles, session token previews, and stored billing/shipping fields, enabling account targeting and potential session abuse. Publicly available exploit code exists per WPScan, though no exploit has been identified as actively used in the wild, and the issue is not listed in CISA KEV.
SQL injection in the Cornerstone WordPress plugin (Themeco) versions prior to 7.8.8 allows authenticated users with Subscriber-level access to inject SQL into backend queries. Per the CVSS vector (PR:L, scope changed, C:H), a low-privileged WordPress account can read sensitive database contents - including credentials and PII - across security boundaries, with limited availability impact and no integrity impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Arbitrary code execution in Themeco Cornerstone WordPress plugin versions prior to 7.8.8 allows authenticated low-privilege users (Subscriber role) to inject and execute arbitrary code on the underlying server. The CVSS:3.1 vector indicates a scope-changed network-vector flaw with high impact on confidentiality, integrity, and availability, though high attack complexity tempers the realistic risk. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.