PatchSiren

EscortWP CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH EscortWP CVE published 2026-07-10

CVE-2026-12685

The EscortWP WordPress theme, version 3.6.2 and possibly earlier, was found to contain a backdoor. This backdoor allows an unauthenticated attacker to delete all site content by providing a hardcoded, per-build key. Additionally, the backdoor covertly sends the site URL, administrator email address, and license key to a third-party server. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity.