CVE-2025-31051 – This vulnerability in the Plant

📋 TL;DR

This vulnerability in the Plant - Gardening & Houseplants WordPress theme exposes sensitive system information to unauthorized users. Attackers can retrieve embedded sensitive data from affected installations. WordPress sites using this theme version 1.0.0 or earlier are vulnerable.

💻 Affected Systems

Products:

EngoTheme Plant - Gardening & Houseplants WordPress Theme

Versions: n/a through 1.0.0

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects WordPress installations using this specific theme.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers obtain sensitive system information that could be used for further attacks, potentially leading to complete site compromise.

🟠

Likely Case

Unauthorized users access sensitive configuration data, server paths, or other information that should be protected.

🟢

If Mitigated

Limited exposure of non-critical information with minimal impact on overall security posture.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CWE-497 typically involves simple information disclosure that doesn't require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 1.0.0

Vendor Advisory: https://patchstack.com/database/wordpress/theme/plant/vulnerability/wordpress-plant-gardening-houseplants-wordpress-theme-1-0-0-sensitive-data-exposure-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Appearance > Themes
3. Check for theme updates
4. Update Plant theme to latest version
5. If no update available, replace with alternative theme

🔧 Temporary Workarounds

Disable or Replace Theme

all

Temporarily disable the vulnerable theme and switch to a default WordPress theme

🧯 If You Can't Patch

Implement web application firewall rules to block access to sensitive theme files
Restrict access to theme directories using .htaccess or web server configuration

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for Plant theme version 1.0.0 or earlier

Check Version:

Check wp-content/themes/plant/style.css for Version: header

Verify Fix Applied:

Verify theme version is updated beyond 1.0.0 in WordPress admin

📡 Detection & Monitoring

Log Indicators:

Unusual access patterns to theme files
Requests to sensitive theme endpoints

Network Indicators:

HTTP requests to theme-specific paths returning sensitive data

SIEM Query:

web_access AND (uri_path CONTAINS '/wp-content/themes/plant/' AND response_code=200 AND response_size>threshold)

📊 Metadata

CVE ID: CVE-2025-31051

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: CWE-497

EPSS Score: 0.03% exploit probability (7th percentile)

Published: January 7, 2026

Last Updated: January 8, 2026

🔗 References

https://patchstack.com/database/wordpress/theme/plant/vulnerability/wordpress-plant-gardening-houseplants-wordpress-theme-1-0-0-sensitive-data-exposure-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-31051, you might also want to check these: