Context Blog

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

Basic Information

ID CVE-2025-12074

Source Wordfence

Published Feb 18, 2026 at 04:35

Affected Product

Vendor postmagthemes

Product Context Blog

Version *

Affected Versions postmagthemes Context Blog *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.",
    "published": "2026-02-18T04:35:41.852Z",
    "modified": "2026-02-18T04:35:41.852Z",
    "type": "cve",
    "title": "Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25552fdb-c55b-4390-a614-7c007c5fe7b1?source=cve\nhttps://themes.svn.wordpress.org/context-blog/1.2.1/inc/ajax/modal-popup.php\nhttps://wordpress.org/themes/context-blog/\nhttps://www.postmagthemes.com/downloads/context-blog-free-wordpress-theme/\nhttps://themes.trac.wordpress.org/changeset/297968/",
    "id": "CVE-2025-12074",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "postmagthemes Context Blog *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Context Blog",
    "version": "*",
    "vendor": "postmagthemes",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure_CVE-2025-12074