๐Ÿ” CVE Alert

CVE-2026-12685

HIGH 7.5

EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor

CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
4th

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.

Vendor unknown
Product escortwp
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for unknown escortwp

Be the first to know when new high vulnerabilities affecting unknown escortwp are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / escortwp
0 โ‰ค 3.6.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/0e5f5730-167d-4853-a764-bb9e3d62fdc4/

Credits

Mike Gozdiskowski WPScan