Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562310127468HistoryJun 14, 2023 - 12:00 a.m.
WordPress CMP - Coming Soon & Maintenance Plugin < 4.1.8 Improper Access Control Vulnerability
2023-06-1400:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
wordpress
plugin
vulnerability
improper access control
version 4.1.8
security
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.9%
The WordPress plugin
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:niteothemes:cmp";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.127468");
script_version("2023-10-13T16:09:03+0000");
script_tag(name:"last_modification", value:"2023-10-13 16:09:03 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-06-14 12:49:13 +0000 (Wed, 14 Jun 2023)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-06-15 22:12:00 +0000 (Thu, 15 Jun 2023)");
script_cve_id("CVE-2023-2159");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WordPress CMP - Coming Soon & Maintenance Plugin < 4.1.8 Improper Access Control Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_wordpress_plugin_http_detect.nasl");
script_mandatory_keys("wordpress/plugin/cmp-comming-soon-maintenance/detected");
script_tag(name:"summary", value:"The WordPress plugin 'CMP - Coming Soon & Maintenance' is prone
to an improper access control vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"A correct cmp_bypass GET parameter in the URL (equal to the
md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance
mode thus bypassing the plugin's provided feature.");
script_tag(name:"affected", value:"WordPress CMP - Coming Soon & Maintenance prior to
version 4.1.8.");
script_tag(name:"solution", value:"Update to version 4.1.8 or later.");
script_xref(name:"URL", value:"https://www.wordfence.com/threat-intel/vulnerabilities/id/af955f69-b18c-446e-b05e-6a57a5f16dfa");
exit(0);
}
include( "host_details.inc" );
include( "version_func.inc" );
if( ! port = get_app_port( cpe: CPE ) )
exit( 0 );
if( ! infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_is_less( version: version, test_version: "4.1.8" ) ) {
report = report_fixed_ver( installed_version: version, fixed_version: "4.1.8", install_path: location );
security_message( port: port, data: report );
exit( 0 );
}
exit( 99 );
Related
nvd
nvd
CVE-2023-2159
2023-06-09 06:16:04
wpvulndb
wpvulndb
CMP – Coming Soon & Maintenance < 4.1.8 - Maintenance Mode Bypass
2023-04-18 00:00:00
cvelist
cvelist
CVE-2023-2159
2023-06-09 05:33:28
cve
cve
CVE-2023-2159
2023-06-09 06:16:04
prion
prion
Default credentials
2023-06-09 06:16:00
wordfence
wordfence
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.9%
Related for OPENVAS:1361412562310127468