CVE-2026-12685: CWE-912 Hidden Functionality in escortwp
The EscortWP WordPress theme up to version 3.6.2 contains a vendor-authored, obfuscated backdoor. This backdoor allows an unauthenticated attacker who knows a hard-coded key to permanently delete all site content. Additionally, the backdoor covertly sends the site URL, administrator email, and license key to a third-party server. No official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
CVE-2026-12685 describes a hidden functionality vulnerability (CWE-912) in the EscortWP WordPress theme through version 3.6.2. The theme includes an obfuscated backdoor implemented by the vendor that can be triggered by supplying a hard-coded, per-build key. Exploiting this backdoor enables an unauthenticated attacker to permanently delete all content on the affected site. Furthermore, the backdoor exfiltrates sensitive information including the site URL, administrator email address, and license key to an external third-party server. There is no CVSS score assigned and no known exploits in the wild at this time. No patch or official remediation has been disclosed.
Potential Impact
An attacker with knowledge of the hard-coded key can cause permanent data loss by deleting all site content. Sensitive site information including URL, admin email, and license key is leaked to a third party, potentially enabling further attacks or misuse of the license. The vulnerability affects site availability and confidentiality.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider discontinuing use of the affected theme version or replacing it with a trusted alternative. Monitor for vendor updates regarding patches or official mitigations.
CVE-2026-12685: CWE-912 Hidden Functionality in escortwp
Description
The EscortWP WordPress theme up to version 3.6.2 contains a vendor-authored, obfuscated backdoor. This backdoor allows an unauthenticated attacker who knows a hard-coded key to permanently delete all site content. Additionally, the backdoor covertly sends the site URL, administrator email, and license key to a third-party server. No official patch or remediation guidance is currently available.
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-12685 describes a hidden functionality vulnerability (CWE-912) in the EscortWP WordPress theme through version 3.6.2. The theme includes an obfuscated backdoor implemented by the vendor that can be triggered by supplying a hard-coded, per-build key. Exploiting this backdoor enables an unauthenticated attacker to permanently delete all content on the affected site. Furthermore, the backdoor exfiltrates sensitive information including the site URL, administrator email address, and license key to an external third-party server. There is no CVSS score assigned and no known exploits in the wild at this time. No patch or official remediation has been disclosed.
Potential Impact
An attacker with knowledge of the hard-coded key can cause permanent data loss by deleting all site content. Sensitive site information including URL, admin email, and license key is leaked to a third party, potentially enabling further attacks or misuse of the license. The vulnerability affects site availability and confidentiality.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider discontinuing use of the affected theme version or replacing it with a trusted alternative. Monitor for vendor updates regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- WPScan
- Date Reserved
- 2026-06-19T08:15:52.985Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a50922168715ace431d74f9
Added to database: 07/10/2026, 06:33:05 UTC
Last enriched: 07/10/2026, 06:47:25 UTC
Last updated: 07/10/2026, 07:31:49 UTC
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.