Description
Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
Published: 2026-07-02
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows the exposure of subscriber data in the Zozothemes Corpkit theme versions 1.0.5 and earlier. Because the theme does not protect subscriber information properly, sensitive personal details can be read by unauthorized users. The flaw falls under CWE‑201 and results in a confidentiality compromise of user data.

Affected Systems

The issue affects the Zozothemes Corpkit WordPress theme with any release version equal to or less than 1.0.5. WordPress sites that have installed this theme without an update are vulnerable.

Risk and Exploitability

The CVSS score of 6.5 signals a moderate risk. The EPSS value is not available, and the vulnerability is not listed in the CISA KEV catalog. The exact attack path is not described, but the recorded CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) indicates a network-reachable, low-complexity issue that requires low privileges and no user interaction, with high confidentiality impact and no integrity or availability impact. It can be inferred that an attacker with access to the WordPress installation or the theme’s internal endpoints could read subscriber data. No other specific prerequisites are mentioned, so the threat is primarily a data‑exposure risk rather than a privilege escalation or execution vector.

Generated by OpenCVE AI on July 2, 2026 at 15:30 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Update the Corpkit theme to the latest version that removes the subscriber data exposure flaw.
  • If an update cannot be applied immediately, disable or remove any public‑facing routes that expose subscriber information and restrict the theme’s data querying functions to authenticated administrators only.
  • Apply web‑application firewall rules or content‑security policies that block access to subscriber data endpoints until the theme is patched.

Advisories

No advisories yet.

History

Thu, 02 Jul 2026 11:30:00 +0000

Type        | Values Removed | Values Added
------------|----------------|-------------
Description |                | Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.
Title       |                | WordPress Corpkit theme <= 1.0.5 - Sensitive Data Exposure vulnerability
Weaknesses  |                | CWE-201
References  |                |
Metrics     |                | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-07-02T11:25:37.271Z

Reserved: 2025-12-29T11:19:37.128Z

Link: CVE-2025-69132

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T15:45:16Z

Weaknesses
  • CWE-201: Insertion of Sensitive Information Into Sent Data