CVE-2025-31051
Unknown Unknown - Not Provided
Information Disclosure in EngoTheme Plant WordPress Theme

Publication date: 2026-01-07

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-31051
EUVD
EUVD-2025-206256
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
engotheme plant_gardening_and_houseplants to 1.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-31051 is a Sensitive Data Exposure vulnerability in the WordPress theme "Plant - Gardening & Houseplants" versions up to 1.0.0. It allows unauthenticated attackers to access sensitive system information that should normally be restricted, due to broken access control issues. This exposure could potentially lead to further exploitation of other system weaknesses. [1]

Impact Analysis

This vulnerability can expose sensitive system information to unauthorized users, which might enable attackers to exploit other weaknesses in the system. However, the severity is considered low (CVSS score 5.3), and exploitation is unlikely. There is currently no official fix or patched version available, but mitigation services exist to help protect against this vulnerability. [1]

Mitigation Strategies

Since no official fix or patched version is currently available for this vulnerability, immediate mitigation can involve using Patchstack's mitigation services to provide rapid protection against this and similar vulnerabilities. Additionally, monitoring and restricting access to the affected WordPress theme and limiting exposure of sensitive data through access control measures may help reduce risk. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-31051. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart