VYPR
Medium severity 5.3 · NVD Advisory · Published Feb 18, 2026 · Updated Apr 15, 2026

CVE-2025-12074

Description

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Context Blog theme for WordPress up to v1.2.5 exposes password-protected, private, and draft posts via an unauthenticated AJAX endpoint.

The Context Blog WordPress theme, versions 1.2.5 and earlier, contains an information exposure vulnerability in the context_blog_modal_popup AJAX action. The function context_blog_modal_popup in /inc/ajax/modal-popup.php retrieves a post by its ID using get_post() and returns the full post content without checking whether the post is password-protected, private, or in draft status [3]. The theme registers this handler for both authenticated and unauthenticated users via wp_ajax_nopriv_ and wp_ajax_ hooks, meaning no authentication is required to trigger it [3].

An unauthenticated attacker can exploit this by sending a crafted AJAX request that targets the context_blog_modal_popup action with a numeric post ID. The endpoint performs no capability or post-status checks, so it returns the post_content of any post, including those that should be restricted. The theme's post selection feature, which uses criteria like comment count, date, category, or tag [1][2], does not enforce visibility restrictions, making it possible to enumerate and extract content from non-public posts.

The impact is information disclosure: an attacker can read the full content of password-protected, private, or draft posts. This could leak sensitive information, unpublished content, or data intended only for specific users. The CVSS v3 base score is 5.3 (Medium), reflecting a network attack vector, low attack complexity, and no privileges required.

As of the publication date (2026-02-18), users of the Context Blog theme should update to a patched version if available. The vendor's theme page [1][2] indicates the theme is free with optional commercial upgrades; no specific patch version is mentioned in the provided references. Administrators should check for updates or consider disabling the theme until a fix is applied.
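The pattern the narrative describes, an AJAX handler that fetches a post by ID and returns its content without any visibility check, beside a hardened form that enforces the same rules the front-end template would. This is an added illustration, not code from the Context Blog theme: the function names, the 'post_id' request parameter, the example action name and the allowed post type are assumptions, and is_post_publicly_viewable() requires WordPress 5.7 or later.

```php
<?php
// Added illustration, not the Context Blog theme's own code. Function names,
// the 'post_id' parameter, the action name and the allowed post type are assumed.

// Pattern described in the advisory: fetch by ID, echo content, no checks.
// Drafts, private and password-protected posts are all returned to anyone.
function example_modal_popup_unsafe() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = get_post( $post_id );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array(
        'title'   => get_the_title( $post ),
        'content' => apply_filters( 'the_content', $post->post_content ),
    ) );
}

// Hardened form: only serve what the requesting visitor could read on the
// front end, so the nopriv endpoint grants no more than a normal page view.
function example_modal_popup_safe() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = get_post( $post_id );

    // Missing post, or a post type the popup is not meant to render (assumed: 'post').
    if ( ! $post || 'post' !== $post->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Non-public status (draft, pending, future, private, trash): fall back to the
    // same capability check WordPress uses for single-post views. For anonymous
    // visitors current_user_can() is false, so these posts are never disclosed.
    if ( ! is_post_publicly_viewable( $post ) && ! current_user_can( 'read_post', $post->ID ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Password-protected posts: honour the password cookie exactly as the
    // template does instead of bypassing it by reading post_content directly.
    if ( post_password_required( $post ) ) {
        wp_send_json_error( 'password required', 403 );
    }

    wp_send_json_success( array(
        'title'   => get_the_title( $post ),
        'content' => apply_filters( 'the_content', $post->post_content ),
    ) );
}

// Registering for both logged-in and anonymous visitors is acceptable once the
// handler itself enforces visibility; the nopriv hook was not the defect.
add_action( 'wp_ajax_example_modal_popup', 'example_modal_popup_safe' );
add_action( 'wp_ajax_nopriv_example_modal_popup', 'example_modal_popup_safe' );
```

The ordering matters: the status check runs before the password check because a draft that also carries a password must still be refused outright, and the password check runs before the content is filtered because apply_filters( 'the_content', ... ) on raw post_content does not substitute the password form the way the_content() does. A nonce would not fix this class of bug on its own, since the endpoint is intentionally reachable by anonymous visitors; the missing control is the visibility check, not request authentication.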

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1
Patches: 0 (No patches discovered yet.)
Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.
References: 5
News mentions: 0 (No linked articles in our index yet.)