The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.
CPE | Name | Operator | Version |
---|---|---|---|
coming_soon_\\&_maintenance | le | 4.1.6 |