4 matches found
CVE-2023-2159
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...
CVE-2023-2159
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...
CVE-2023-2159 CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmpbypass GET parameter in the URL equal to the md5-hashed homeurl in the default setting allows users to visit a site placed in maintenance mode th...
CVE-2023-2159
The CVE-2023-2159 entry concerns the WordPress plugin CMP – Coming Soon & Maintenance (versions up to 4.1.7). The root cause is an improper maintenance mode bypass via the cmp_bypass GET parameter, which, when equal to the md5-hashed home_url, allows bypassing the plugin’s maintenance mode featur...