PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12685 EscortWP CVE debrief

The EscortWP WordPress theme, version 3.6.2 and possibly earlier, was found to contain a backdoor. This backdoor allows an unauthenticated attacker to delete all site content by providing a hardcoded, per-build key. Additionally, the backdoor covertly sends the site URL, administrator email address, and license key to a third-party server. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity.

Vendor
EscortWP
Product
EscortWP WordPress theme
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Administrators and users of the EscortWP WordPress theme, especially those using version 3.6.2, should be aware of this vulnerability. Immediate action is recommended to secure affected installations.

Technical summary

The EscortWP WordPress theme through version 3.6.2 contains a vendor-authored, obfuscated backdoor. This backdoor enables an unauthenticated attacker who supplies a hard-coded, per-build key to permanently delete all of the site's content. The backdoor also covertly transmits the site URL, administrator email address, and license key to a third-party server. The vulnerability is characterized by the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Defensive priority

High priority should be given to updating or patching the EscortWP WordPress theme to a version that does not contain this backdoor. In the meantime, site administrators should monitor for suspicious activity and consider implementing compensating controls to mitigate the risk.

Recommended defensive actions

  • Update the EscortWP WordPress theme to a patched version if available.
  • Monitor website activity for signs of exploitation.
  • Consider implementing a web application firewall (WAF) to detect and prevent suspicious traffic.
  • Review and update security configurations to ensure that only necessary services are exposed.
  • Regularly back up site content to prevent data loss.

Evidence notes

The details of this vulnerability are based on limited information from the CVE record and NVD entry. Further investigation and verification are recommended to fully understand the scope and impact of this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T07:16:28.313Z and has not been modified since then.