Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter

2026-07-10 17:12
Ryoma Nishioka

Strategic Overview

Status
Patched in 1.3.6
Affected ThemeContext Blog
Affected Version<= 1.3.5
CVSS5.3Medium
CVECVE-2026-6801
View all Context Blog vulnerabilities

Vulnerability Overview

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts.

Technical Analysis

REMEDIATION: Update to version 1.3.6, or a newer patched version --- IDENTIFIER: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

External References

Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C

Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter (CVE-2026-6801)