EUVD-2026-20135

Server-Side Request Forgery SSRF vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through = 6.19.8...

CVE-2026-39464

Server-Side Request Forgery SSRF vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through = 6.19.8...

WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Coming Soon Page, Under Construction & Maintenance Mode by SeedProd versions = 6.19.8...

CVE-2024-35749

Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6...

CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

WordPress Under Construction / Maintenance Mode from Acurax Plugin <= 2.6 is vulnerable to Sensitive Data Exposure

Software Under Construction / Maintenance Mode from Acurax Type Plugin Vulnerable versions = 2.6 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-1476 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a5fbf06afa48...

CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

WordPress underConstruction plugin <= 1.19 - Construction Mode Deactivation via Cross-Site Request Forgery (CSRF) vulnerability

Construction Mode Deactivation via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress underConstruction plugin versions = 1.19. Solution Update the WordPress underConstruction plugin to the latest available version at least 1.20...

underConstruction < 1.20 - Construction Mode Deactivation via CSRF

The plugin does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack PoC...

WordPress WP Construction Mode Plugin <= 1.91 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

WordPress WP Construction Mode 1.91 XSS

Title: WordPress 'WP Construction Mode' plugin - XSS Version: 1.91 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/wp-construction-mode/ Contacted vendor: 2014/10/20 ---------------------------------------------------------------- Plugin...

Construction Mode 1.8 - under-construction.php wuc_logo Parameter XSS

The WP Construction Mode WordPress plugin was affected by an under-construction.php wuclogo Parameter XSS security vulnerability...

CVE-2014-4854

Cross-site scripting XSS vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuclogo parameter in a save action to wp-admin/admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuclogo parameter in a save action to wp-admin/admin.php...

CVE-2014-4854

Cross-site scripting XSS vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuclogo parameter in a save action to wp-admin/admin.php...

CVE-2014-4854

The CVE-2014-4854 entry concerns the WP Construction Mode WordPress plugin version 1.8. Affected component: the under-construction feature using the wuc_logo parameter in a save action to wp-admin/admin.php. Root cause: reflected XSS vulnerability in the handling of wuc_logo, allowing remote atta...

WordPress WP Construction Mode Plugin <= 1.8 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "wuclogo" parameter in a save action to wp-admin/admin.php. Solution Update the plugin...

WordPress Construction Mode 1.8 Cross Site Scripting

Exploit Title : Wordpress wp-construction-mode.1.8 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://wordpress.org/plugins/wp-construction-mode Software Link : http://downloads.wordpress.org/plugin/wp-construction-mode.1.8.zip Date : 2014-06-27 Tested o...