Impact
This vulnerability allows the exposure of subscriber data in the Zozothemes Corpkit theme versions 1.0.5 and earlier. Because the theme does not protect subscriber information properly, sensitive personal details can be read by unauthorized users. The flaw falls under CWE‑201 and results in a confidentiality compromise of user data.
Affected Systems
The issue affects the Zozothemes Corpkit WordPress theme at version 1.0.5 or earlier. WordPress sites that have this theme installed and have not updated it are vulnerable.
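A version check for the affected range above, as an added example (not part of the original advisory or the theme's code). It assumes the theme identifies itself as `Corpkit` in the `Theme Name` header of its `style.css`; the sample header is constructed.

```python
import re
from pathlib import Path

AFFECTED_MAX = (1, 0, 5)  # advisory: Corpkit 1.0.5 and earlier
THEME_NAME = "corpkit"    # assumption: "Theme Name" header value, compared case-insensitively

# WordPress reads theme metadata from "Key: value" lines in the comment at the top of style.css.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_headers(css_text):
    """Return the Theme Name / Version headers found in the first 8 KB of style.css."""
    headers = {}
    for key, value in HEADER_RE.findall(css_text[:8192]):
        value = re.sub(r"\s*(?:\*/|\?>).*", "", value)  # drop a trailing comment terminator
        headers.setdefault(key.title(), value)
    return headers

def version_tuple(text):
    """Parse the leading dotted-numeric part of a version string, padded to three fields."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(css_text):
    """Classify one style.css against the advisory's affected range."""
    h = parse_headers(css_text)
    if h.get("Theme Name", "").strip().lower() != THEME_NAME:
        return "other-theme"
    v = version_tuple(h.get("Version", ""))
    if v is None:
        return "unknown-version"  # review by hand rather than assume it is safe
    # The advisory names no fixed release; above 1.0.5 only means "outside the stated range".
    return "affected" if v <= AFFECTED_MAX else "outside-affected-range"

def scan(themes_dir):
    """Map each theme directory under wp-content/themes to its classification."""
    return {p.parent.name: classify(p.read_text(errors="replace"))
            for p in Path(themes_dir).glob("*/style.css")}

SAMPLE = "/*\nTheme Name: Corpkit\nVersion: 1.0.5\n*/\nbody{}"  # constructed sample header
if __name__ == "__main__":
    print(classify(SAMPLE))
```

Point `scan()` at the site's `wp-content/themes` directory; an `unknown-version` result means the header could not be parsed and the install should be checked manually.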
Risk and Exploitability
The CVSS score of 6.5 signals a moderate risk. The EPSS value is not available, and the vulnerability is not listed in the CISA KEV catalog. Although the exact attack vector is not supplied, it can be inferred that an attacker with access to the WordPress installation or the theme’s internal endpoints could read subscriber data. No specific prerequisites are mentioned, so the threat is primarily a data‑exposure risk rather than a privilege escalation or execution vector.
OpenCVE Enrichment