5 matches found
CVE-2022-0199
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack...
CVE-2023-49741
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3...
PT-2024-16933 · WordPress · The Coming Soon Page & Maintenance Mode
Name of the Vulnerable Software and Affected Versions: The Coming Soon Page & Maintenance Mode plugin for WordPress versions up to, and including, 2.2.1 Description: The issue arises from an improperly implemented URL check in the wpsm coming soon redirect function, allowing unauthorized access t...
Coming Soon - Under Construction <= 1.2.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed As admin, put the following payload in the "More text information" settings of the plugin: The XSS will be triggered...
CVE-2021-24539
The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfilteredhtml capability is disallowed, leading to an...