CVE-2026-39711
Sensitive Data Exposure in RT-Theme 18 Extensions
Publication date: 2026-04-08
Last updated on: 2026-04-13
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stmcan | rt-theme_18 | to 2.5 (inc) |
| stmcan | rt18-extensions | to 2.5 (inc) |
| patchstack | rt18-extensions | to 2.5 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-39711 is a Sensitive Data Exposure vulnerability that allows unauthenticated attackers to access sensitive information normally restricted to regular users.
Exposure of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and sensitive information.
Although the vulnerability is rated as low severity with a CVSS score of 5.3 and exploitation is considered unlikely, any unauthorized access to sensitive data can pose risks to compliance with these standards.
Organizations using the affected plugin should consider this vulnerability in their risk assessments and apply mitigations to maintain compliance with relevant data protection regulations.
Can you explain this vulnerability to me?
CVE-2026-39711 is a vulnerability in the WordPress RT-Theme 18 | Extensions Plugin versions up to and including 2.5. It is classified as a Sensitive Data Exposure issue.
This vulnerability allows unauthenticated attackers to access sensitive information that is normally restricted to regular users.
The vulnerability falls under the OWASP Top 10 category A3: Sensitive Data Exposure and requires no privileges to exploit.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to sensitive information, which may be leveraged to exploit other weaknesses within the system.
Although the risk is considered low and exploitation unlikely, attackers often use such vulnerabilities in mass-exploit campaigns targeting numerous websites regardless of their traffic or popularity.
Immediate mitigation involves updating the affected plugin; if this is not possible, users are advised to seek assistance from their hosting provider or web developer.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the affected RT-Theme 18 | Extensions Plugin to a version newer than 2.5.
If updating is not possible, users are advised to seek assistance from their hosting provider or web developer to implement protective measures.