CVE-2026-12685
EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor
CVSS Score
7.5
EPSS Score
0.1%
EPSS Percentile
4th
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.
| Vendor | unknown |
| Product | escortwp |
| Published | Jul 10, 2026 |
| Last Updated | Jul 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown escortwp
Be the first to know when new high vulnerabilities affecting unknown escortwp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / escortwp
0 โค 3.6.2
References
Credits
Mike Gozdiskowski WPScan