{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32405", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:14.585Z", "datePublished": "2026-03-13T11:42:13.263Z", "dateUpdated": "2026-04-29T09:51:58.844Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "woodmart", "product": "WoodMart", "vendor": "xtemos", "versions": [{"changes": [{"at": "8.4.0", "status": "unaffected"}], "lessThanOrEqual": "8.3.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:57.822Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.<p>This issue affects WoodMart: from n/a through <= 8.3.9.</p>"}], "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.844Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/woodmart/vulnerability/wordpress-woodmart-theme-8-3-9-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress WoodMart theme <= 8.3.9 - Sensitive Data Exposure vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:16:26.487267Z", "id": "CVE-2026-32405", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:18:27.006Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32405", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T13:16:26.487267Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:16:15.890Z"}}], "cna": {"title": "WordPress WoodMart theme <= 8.3.9 - Sensitive Data Exposure vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "affected": [{"vendor": "xtemos", "product": "WoodMart", "versions": [{"status": "affected", "changes": [{"at": "8.4.0", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "8.3.9"}], "packageName": "woodmart", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:05:57.822Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/woodmart/vulnerability/wordpress-woodmart-theme-8-3-9-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.", "supportingMedia": [{"type": "text/html", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.<p>This issue affects WoodMart: from n/a through <= 8.3.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:16:10.955Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32405", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:16:10.955Z", "dateReserved": "2026-03-12T11:11:14.585Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:13.263Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9."}, {"lang": "es", "value": "Exposici\u00f3n de Informaci\u00f3n Sensible del Sistema a una Esfera de Control No Autorizada vulnerabilidad en xtemos WoodMart woodmart permite la Recuperaci\u00f3n de Datos Sensibles Incrustados. Este problema afecta a WoodMart: desde n/a hasta &lt;= 8.3.9."}], "id": "CVE-2026-32405", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:56.883", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/woodmart/vulnerability/wordpress-woodmart-theme-8-3-9-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,8.3.9]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[8.4.0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WoodMart", "source": "cna", "vendor": "xtemos"}, "product": "woodmart", "vendor": "xtemos"}], "analysis": {"en": {"generated_at": "2026-03-17T17:20:49.089617+00:00", "value": {"mitigation_remediation": ["Confirm the currently installed WoodMart theme version by reviewing the WordPress theme editor or the \"Appearance \u2192 Themes\" screen.", "If the version is 8.3.9 or earlier, update the WoodMart theme to the latest available release, which is 8.4.0 or newer.", "Verify that the update includes the fix for the sensitive data exposure issue by consulting the vendor\u2019s changelog or patch notes.", "After the update, audit the theme\u2019s configuration files and logs to ensure no residual sensitive data is exposed."], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The affected product is the WoodMart theme from xtemos. All versions from an unspecified initial release (n/a) through 8.3.9 are impacted. No specific higher or lower bounds are given beyond \"<= 8.3.9,\" so any installation of WoodMart 8.3.9 or earlier should be considered vulnerable. Versions newer than 8.3.9 are presumed not to contain the flaw according to the vendor\u2019s stated advisory.", "description_and_impact": "WoodMart themes for WordPress up to and including version 8.3.9 contain an issue that can expose sensitive system information to an unauthorized control sphere. The vulnerability allows retrieval of embedded sensitive data from the theme\u2019s configuration or files, potentially leaking internal paths, configuration values, or other private information. The weakness is classified as CWE-497, indicating an improper handling of sensitive data that may result in disclosure. The official description states that the issue \"allows Retrieve Embedded Sensitive Data,\" but does not specify the exact data contents or methods of extraction. Nonetheless the impact is clear: a successful exploitation would provide attackers with information that could aid further attacks or compromise user privacy.", "risk_and_exploitability": "The CVSS score for this vulnerability is 5.3, placing it in the medium severity range. The EPSS score is reported as less than 1%, indicating a low probability that exploitation is occurring or that exploits are widespread. It is not listed in the CISA Known Exploited Vulnerabilities catalog, further supporting a lower exploitation likelihood. Attack vector details are not explicitly stated; the description suggests that the vulnerability could be leveraged by an entity that can read the theme\u2019s point-of-entry files or settings. Based on the disclosed nature of the flaw, the likely attack path would involve authenticated access to the theme\u2019s backend or privileged file system access, but this is inferred rather than directly confirmed in the provided data. Therefore, while the risk to affected sites is moderate, the likelihood of a real-world exploit at present is low."}}}}, "created": "2026-03-16T09:34:07.362506+00:00", "updated": "2026-03-23T12:03:57.258393+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "xtemos", "xtemos$PRODUCT$woodmart"]}