Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter
2026-07-10 17:12
Ryoma NishiokaStrategic Overview
StatusPatched in 1.3.6
Affected ThemeContext Blog
Affected Version
<= 1.3.5CVSS5.3Medium
CVE
CVE-2026-6801Vulnerability Overview
The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the context_blog_modal_popup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts.
Technical Analysis
REMEDIATION: Update to version 1.3.6, or a newer patched version --- IDENTIFIER: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
External References
Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C