CVE-2024-1075

The Minimal Coming Soon  Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
WordfenceCNA
3.7 LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
webfactoryltdminimal_coming_soon_\&_maintenance_mode
𝑥
≤ 2.37
𝑥
= Vulnerable software versions
References
https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php#L67
https://plugins.trac.wordpress.org/changeset/3031149/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=cve
https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php#L67
https://plugins.trac.wordpress.org/changeset/3031149/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=cve