PatchSiren cyber security CVE debrief
CVE-2026-12685 EscortWP CVE debrief
The EscortWP WordPress theme, version 3.6.2 and possibly earlier, was found to contain a backdoor. This backdoor allows an unauthenticated attacker to delete all site content by providing a hardcoded, per-build key. Additionally, the backdoor covertly sends the site URL, administrator email address, and license key to a third-party server. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity.
- Vendor
- EscortWP
- Product
- EscortWP WordPress theme
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of the EscortWP WordPress theme, especially those using version 3.6.2, should be aware of this vulnerability. Immediate action is recommended to secure affected installations.
Technical summary
The EscortWP WordPress theme through version 3.6.2 contains a vendor-authored, obfuscated backdoor. This backdoor enables an unauthenticated attacker who supplies a hard-coded, per-build key to permanently delete all of the site's content. The backdoor also covertly transmits the site URL, administrator email address, and license key to a third-party server. The vulnerability is characterized by the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Defensive priority
High priority should be given to updating or patching the EscortWP WordPress theme to a version that does not contain this backdoor. In the meantime, site administrators should monitor for suspicious activity and consider implementing compensating controls to mitigate the risk.
Recommended defensive actions
- Update the EscortWP WordPress theme to a patched version if available.
- Monitor website activity for signs of exploitation.
- Consider implementing a web application firewall (WAF) to detect and prevent suspicious traffic.
- Review and update security configurations to ensure that only necessary services are exposed.
- Regularly back up site content to prevent data loss.
Evidence notes
The details of this vulnerability are based on limited information from the CVE record and NVD entry. Further investigation and verification are recommended to fully understand the scope and impact of this vulnerability.
Official resources
-
CVE-2026-12685 CVE record
CVE.org
-
CVE-2026-12685 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T07:16:28.313Z and has not been modified since then.