CVE-2023-1263

2023-03-0722:15:10

CWE-200

Wordfence

web.nvd.nist.gov

cmp

coming soon

maintenance

plugin

wordpress

cve-2023-1263

information exposure

vulnerability

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

56.4%

JSON

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.

Affected configurations

Nvd

Vulners

Node

niteothemescoming_soon_\&_maintenanceRange≤4.1.6wordpress

VendorProductVersionCPE
niteothemescoming_soon_\&_maintenance*cpe:2.3:a:niteothemes:coming_soon_\&_maintenance:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
niteothemes	coming_soon_\&_maintenance	*	cpe:2.3:a:niteothemes:coming_soon_\&_maintenance::::::wordpress::*

CNA Affected

[
  {
    "vendor": "niteo",
    "product": "CMP – Coming Soon & Maintenance Plugin by NiteoThemes",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.1.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]