EUVD-2025-35354

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address...

CVE-2025-10638

CVE-2025-10638 affects the NS Maintenance Mode for WP WordPress plugin (versions up to 1.3.1). The vulnerability enables unauthenticated attackers to access the subscriber export function and download a list of site subscribers, including their names and email addresses. The linked documents conf...

EUVD-2015-9269

Malware in sbrugna...

EUVD-2025-8109

Malicious code in bioql PyPI...

WordPress plugin WP Maintenance Mode & Site Under Construction 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2024-1477

The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the protection provided by th...

CVE-2024-1478

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

CVE-2025-1490

The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘setstatus’ parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

WordPress Maintenance Mode plugin <= 3.0.1 - IP Bypass vulnerability

IP Bypass vulnerability discovered by LeNgocHoa Patchstack Alliance in WordPress Plugin Maintenance Mode by helderk versions = 3.0.1...

WordPress CGC Maintenance Mode plugin <= 1.2 - Sensitive Information Exposure vulnerability

Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin CGC Maintenance Mode versions = 1.2...

CVE-2024-1478

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by th...

WordPress Maintenance Mode by helderk Plugin <= 3.0.2 is vulnerable to Sensitive Data Exposure

Software Maintenance Mode by helderk Type Plugin Vulnerable versions = 3.0.2 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1478 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f1665efaf959 Credits Francesco Carluc...

CVE-2020-36752

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save meta boxe...

PT-2023-11892 · WordPress · The Coming Soon Page & Maintenance Mode

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save meta box function. This allo...

CVE-2019-25139

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the /functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin...

PT-2023-11849 · WordPress · Coming Soon & Maintenance Mode Page Plugin

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 Description: The issue arises from confusing logic functions missing or having incorrect nonce validation, making it possible for unauthenticated...

PT-2023-11366 · WordPress · The Coming Soon Page & Maintenance Mode

Name of the Vulnerable Software and Affected Versions: The Coming Soon Page & Maintenance Mode plugin for WordPress versions up to, and including 1.8.1 Description: The issue is related to missing capability checks in the /functions/data-reset-post.php file, allowing unauthenticated attackers to...

CVE-2023-23682

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Snap Creek Software EZP Maintenance Mode plugin = 1.0.1 versions...

CVE-2022-1576

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

WordPress plugin Maintenance Mode & Coming Soon 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Maintenance Mode...