CVE-2025-69132
Deferred - Pending Action

Subscriber Sensitive Data Exposure in Corpkit

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Subscriber Sensitive Data Exposure in Corpkit <= 1.0.5 versions.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor | Product | Version / Range
patchstack | corpkit | up to 1.0.5 (inclusive)

Exploitability

CWE

CWE ID | Description
CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Executive Summary

CVE-2025-69132 is a Sensitive Data Exposure vulnerability found in the WordPress Corpkit Theme versions 1.0.5 and below.

This vulnerability allows attackers to view confidential information that is normally restricted to regular users.

It is rated medium severity, with a CVSS score of 6.5, indicating a moderate level of risk.

Impact Analysis

The vulnerability could allow attackers to access sensitive subscriber data that should be protected.

This exposure of confidential information can lead to privacy breaches and potentially harm users or the website owner.

Because the vulnerability can be exploited remotely over the network with low attack complexity, it poses a risk of mass exploitation across many websites using the affected theme.

Currently, there is no official patch, so immediate mitigation steps are recommended: apply the provided mitigation rule now, and update the theme once a fixed version is released.

Mitigation Strategies

The vulnerability affects WordPress Corpkit Theme versions 1.0.5 and below and allows sensitive data exposure.

Currently, there is no official patch available.

Patchstack has provided a mitigation rule to block attacks until an official fix is released.

  • Apply the mitigation rule provided by Patchstack to block potential attacks.
  • Update the Corpkit theme to a version higher than 1.0.5 once an official patch is released.
  • Seek assistance from your hosting provider or a developer to implement temporary protections.
