HIGH
EscortWP
CVE published 2026-07-10
CVE-2026-12685
The EscortWP WordPress theme, version 3.6.2 and possibly earlier, was found to contain a backdoor. This backdoor allows an unauthenticated attacker to delete all site content by providing a hardcoded, per-build key. Additionally, the backdoor covertly sends the site URL, administrator email address, and license key to a third-party server. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity.