CVE-2026-39711
Received Received - Intake
Sensitive Data Exposure in RT-Theme 18 Extensions

Publication date: 2026-04-08

Last updated on: 2026-04-13

Assigner: Patchstack

Description
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-14
NVD
CVE-2026-39711
EUVD
EUVD-2026-20419
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
stmcan rt-theme_18 to 2.5 (inc)
stmcan rt18-extensions to 2.5 (inc)
patchstack rt18-extensions to 2.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39711 is a vulnerability in the WordPress RT-Theme 18 | Extensions Plugin versions up to and including 2.5. It is classified as a Sensitive Data Exposure issue.

This vulnerability allows unauthenticated attackers to access sensitive information that is normally restricted to regular users.

The vulnerability falls under the OWASP Top 10 category A3: Sensitive Data Exposure and requires no privileges to exploit.

Compliance Impact

CVE-2026-39711 is a Sensitive Data Exposure vulnerability that allows unauthenticated attackers to access sensitive information normally restricted to regular users.

Exposure of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information.

Although the vulnerability is rated as low severity with a CVSS score of 5.3 and exploitation is considered unlikely, any unauthorized access to sensitive data can pose risks to compliance with these standards.

Organizations using the affected plugin should consider this vulnerability in their risk assessments and apply mitigations to maintain compliance with relevant data protection regulations.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive information, which may be leveraged to exploit other weaknesses within the system.

Although the risk is considered low and exploitation unlikely, attackers often use such vulnerabilities in mass-exploit campaigns targeting numerous websites regardless of their traffic or popularity.

Immediate mitigation involves updating the affected plugin; if this is not possible, users are advised to seek assistance from their hosting provider or web developer.

Mitigation Strategies

Immediate mitigation involves updating the affected RT-Theme 18 | Extensions Plugin to a version newer than 2.5.

If updating is not possible, users are advised to seek assistance from their hosting provider or web developer to implement protective measures.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39711. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart