Description
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Immediate Patch
AI Analysis

Impact

The flaw allows the plugin to expose sensitive information that is embedded in the data it serves to users. This information can be retrieved by interacting with the plugin’s output, potentially exposing internal configuration values or other confidential data. The weakness corresponds to CWE‑201, an information‑exposure flaw affecting confidentiality.

Affected Systems

The vulnerability affects the stmcan RT‑Theme 18 | Extensions WordPress plugin versions from the earliest available versions through ≤ 2.5. Any WordPress site that has this plugin installed and activated during that version range is potentially impacted.

Risk and Exploitability

No publicly available CVSS or EPSS score is provided for this issue, and it is not listed in the CISA KEV catalog, so the precise severity and exploitation likelihood are unclear. Based on the description, it is inferred that an attacker could access the plugin’s data‑retrieval endpoints via the web interface, making remote exploitation possible. However, the actual attack conditions and required privileges are not detailed in the available data.

Generated by OpenCVE AI on April 8, 2026 at 10:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RT‑Theme 18 | Extensions plugin to a version above 2.5 if a patch has been released.
  • If an upgrade is not feasible, disable or remove the plugin from the WordPress installation.
  • Verify that the plugin’s output no longer contains hidden sensitive information, for example by inspecting the rendered pages or running a vulnerability scan.

Generated by OpenCVE AI on April 8, 2026 at 10:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Stmcan
Stmcan rt-theme 18 | Extensions
Wordpress
Wordpress wordpress
Vendors & Products Stmcan
Stmcan rt-theme 18 | Extensions
Wordpress
Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
Title WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

Subscriptions

Stmcan Rt-theme 18 | Extensions
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:48.755Z

Reserved: 2026-04-07T10:58:22.476Z

Link: CVE-2026-39711

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T09:16:44.010

Modified: 2026-04-08T21:26:13.410

Link: CVE-2026-39711

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:40:06Z

Weaknesses