CVE-2023-1263

2023-03-0722:15:10

CWE-200

[email protected]

web.nvd.nist.gov

cmp

coming soon

maintenance

plugin

wordpress

cve-2023-1263

information exposure

vulnerability

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.

Affected configurations

Vulners

NVD

Node

niteocmp_–_coming_soon_\&_maintenance_plugin_by_niteothemesRange≤4.1.6

CPENameOperatorVersion
niteothemes:coming_soon_\&_maintenanceniteothemes coming soon & maintenancele4.1.6

CPE	Name	Operator	Version
niteothemes:coming_soon_\&_maintenance	niteothemes coming soon & maintenance	le	4.1.6

CNA Affected

[
  {
    "vendor": "niteo",
    "product": "CMP – Coming Soon & Maintenance Plugin by NiteoThemes",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.1.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]