Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.
Published: 2026-01-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Plant - Gardening & Houseplants WordPress Theme contains a vulnerability that allows an attacker to retrieve sensitive system information that should not be publicly accessible. The vulnerability manifests as an inappropriate exposure of data embedded within the theme, which could reveal configuration details, server paths, or other confidential information. This weakness falls under CWE‑497 and primarily undermines the confidentiality of the site.

Affected Systems

The vulnerability affects EngoTheme's Plant - Gardening & Houseplants WordPress Theme, from the earliest version through 1.0.0. All installations using these versions are impacted.

Risk and Exploitability

The CVSS score of 5.3 denotes moderate severity. The EPSS score of <1% indicates that exploitation is unlikely at present. The vulnerability is not listed in CISA KEV. The likely attack vector is remote via the WordPress front‑end, where an attacker can access a page that renders the theme’s data. No privileged credentials are required to trigger the data leakage, making the exploitation fairly straightforward if an attacker can locate the affected endpoint.

Generated by OpenCVE AI on April 30, 2026 at 14:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Plant theme version that addresses the data exposure issue
  • Remove or obfuscate any sensitive data that is embedded in the theme’s public files
  • Restrict access to theme directories using web server permissions or .htaccess rules to prevent unrestricted file reading

Generated by OpenCVE AI on April 30, 2026 at 14:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
References

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme plant allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through <= 1.0.0. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.
References

Thu, 23 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme plant allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through <= 1.0.0.
References

Wed, 07 Jan 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Engotheme
Engotheme plant
Wordpress
Wordpress wordpress
Vendors & Products Engotheme
Engotheme plant
Wordpress
Wordpress wordpress

Tue, 06 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 06 Jan 2026 21:30:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.
Title WordPress Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Engotheme Plant
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:04.281Z

Reserved: 2025-03-26T09:23:34.541Z

Link: CVE-2025-31051

cve-icon Vulnrichment

Updated: 2026-01-06T21:24:29.088Z

cve-icon NVD

Status : Deferred

Published: 2026-01-07T02:13:42.123

Modified: 2026-04-28T19:30:56.283

Link: CVE-2025-31051

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:30:06Z

Weaknesses