Corpkit
Monthly
Sensitive data exposure in the Corpkit WordPress theme (versions <= 1.0.5) allows an authenticated subscriber-level user to retrieve confidential information that should be inaccessible to that role. The CVSS vector (PR:L, C:H) confirms that any low-privileged account holder - the default registered-user role in WordPress - can trigger the disclosure over the network with no additional interaction required. No public exploit code or active exploitation has been identified at time of analysis, but the low barrier of entry (subscriber registration is often open on WordPress sites) elevates real-world risk.
Sensitive data exposure in the Corpkit WordPress theme (versions <= 1.0.5) allows an authenticated subscriber-level user to retrieve confidential information that should be inaccessible to that role. The CVSS vector (PR:L, C:H) confirms that any low-privileged account holder - the default registered-user role in WordPress - can trigger the disclosure over the network with no additional interaction required. No public exploit code or active exploitation has been identified at time of analysis, but the low barrier of entry (subscriber registration is often open on WordPress sites) elevates real-world risk.