CVE-2026-6801 PUBLISHED

Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter

Assigner: Wordfence
Reserved: 21.04.2026 Published: 11.07.2026 Updated: 11.07.2026

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 5.3

Product Status

Vendor postmagthemes
Product Context Blog
Versions Default: unaffected
  • affected from 0 to 1.3.5 (incl.)

Credits

  • Ryoma Nishioka finder

References

Problem Types

  • CWE-200 Exposure of Sensitive Information to an Unauthorized Actor CWE