Impact
The WoodMart theme for WordPress, up to and including version 8.3.9, contains an issue that can expose sensitive system information to an unauthorized control sphere. The vulnerability allows retrieval of embedded sensitive data from the theme’s configuration or files, potentially leaking internal paths, configuration values, or other private information. The weakness is classified as CWE-497, indicating improper handling of sensitive data that may result in disclosure. The official description states only that the issue "allows Retrieve Embedded Sensitive Data" and does not specify the exact data contents or the method of extraction. Nonetheless, the impact is clear: successful exploitation would give an attacker information that could aid further attacks or compromise user privacy.
Affected Systems
The affected product is the WoodMart theme from xtemos. All versions from an unspecified initial release (n/a) through 8.3.9 are impacted. No bounds are given beyond "<= 8.3.9," so any installation of WoodMart 8.3.9 or earlier should be considered vulnerable. Versions newer than 8.3.9 are presumed not to contain the flaw, according to the vendor’s advisory.
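Because the advisory gives only the "<= 8.3.9" bound, an administrator's first check is the Version header in the theme's style.css. The following is an added example, not code from the advisory or from xtemos: it parses a WordPress theme header and compares the version numerically against the affected range (a plain string comparison would wrongly place 8.3.10 below 8.3.9). The sample header is constructed, and the exact "Theme Name" value of a real WoodMart install is an assumption.

```python
import re

# Constructed sample of a WordPress theme style.css header; not a real WoodMart file.
SAMPLE_STYLE_CSS = """/*
Theme Name: Woodmart
Theme URI: https://xtemos.com/
Author: XTemos
Version: 8.3.9
*/
"""

LAST_AFFECTED = "8.3.9"  # upper bound stated in the advisory


def parse_theme_header(css_text: str) -> dict:
    """Extract 'Key: value' pairs from the leading comment block of a theme's style.css."""
    header = {}
    block = re.search(r"/\*(.*?)\*/", css_text, re.S)
    if not block:
        return header
    for line in block.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep:
            header[key.strip().lower()] = value.strip()
    return header


def version_tuple(version: str) -> tuple:
    """Numeric components so that 8.3.10 sorts after 8.3.9."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_affected(css_text: str) -> bool:
    """True when the header names WoodMart and its Version is <= 8.3.9 (or missing)."""
    header = parse_theme_header(css_text)
    # Assumption: the parent theme's header reads "Theme Name: Woodmart" (case varies).
    if header.get("theme name", "").lower() != "woodmart":
        return False
    version = header.get("version")
    if not version:
        return True  # unknown version: treat as inside the advisory's range
    return version_tuple(version) <= version_tuple(LAST_AFFECTED)


if __name__ == "__main__":
    print("affected" if is_affected(SAMPLE_STYLE_CSS) else "not affected")
```

A child theme's style.css carries only the child's own Version, so run the check against the parent theme directory (the one the child's "Template" header points at).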
Risk and Exploitability
The CVSS score for this vulnerability is 5.3, placing it in the medium severity range. The EPSS score is reported as less than 1%, indicating a low probability that exploitation is occurring or that exploits are widespread. It is not listed in the CISA Known Exploited Vulnerabilities catalog, further supporting a lower exploitation likelihood. Attack vector details are not explicitly stated; the description suggests that the vulnerability could be leveraged by an entity that can read the theme’s entry-point files or settings. Based on the disclosed nature of the flaw, the likely attack path would involve authenticated access to the theme’s backend or privileged file system access, but this is inferred rather than confirmed by the provided data. Therefore, while the risk to affected sites is moderate, the likelihood of real-world exploitation at present is low.
OpenCVE Enrichment