Medium severity5.8NVD Advisory· Published Mar 12, 2024· Updated Apr 8, 2026

CVE-2024-2107

Description

The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.3 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.

Affected products

Blossomthemes/Blossom Spa
cpe:2.3:a:blossomthemes:blossom_spa:*:*:*:*:*:wordpress:*:*
Range: <1.3.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/5e54dbf9-a5d1-413d-96ac-93dd499c21a4nvdThird Party Advisory
themes.trac.wordpress.org/changesetnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.377
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000