WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution vulnerability

WordPress CMP - Coming Soon & Maintenance Plugin by NiteoThemes plugin = 4.1.16 - Missing Authorization to Authenticated Administrator+ Arbitrary File Upload and Remote Code Execution vulnerability discovered by ll in WordPress Plugin CMP – Coming Soon & Maintenance versions = 4.1.16...

EUVD-2026-23654

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the cmpthemeupdateinstall AJAX action. This is due to the function only checking for the publishpages...

WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation vulnerability

Missing Authorization to Unauthenticated Template Activation vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Ultimate Coming Soon & Maintenance versions = 1.0.9...

WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update vulnerability

Missing Authorization to Authenticated Subscriber+ Template Name Update vulnerability discovered by Tieu Pham Trong Nhan - TechlabCorp in WordPress Plugin Ultimate Coming Soon & Maintenance versions = 1.0.9...

EUVD-2021-23404

Malware in sbrugna...

EUVD-2022-52396

Malicious code in bioql PyPI...

CVE-2024-1472

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

CVE-2024-9503

The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplotiaddwhitelistedrolesoption', 'wplotiremovewhitelistedrolesoption', 'wplotiaddwhitelistedusersoption',...

CVE-2025-24543

Cross-Site Request Forgery CSRF vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9...

CVE-2025-24546

Cross-Site Request Forgery CSRF vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9...

WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Marek Mikita in WordPress Plugin Ultimate Coming Soon & Maintenance versions = 1.0.9...

WordPress plugin Ultimate Coming Soon & Maintenance 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2024-9503 Maintenance & Coming Soon Redirect Animation <= 2.1.3 - Missing Authorization to Settings Update

The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wplotiaddwhitelistedrolesoption', 'wplotiremovewhitelistedrolesoption', 'wplotiaddwhitelistedusersoption',...

CVE-2024-54425

Cross-Site Request Forgery CSRF vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin maintenance-and-noindex-nofollow allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through = 2.1...

CVE-2024-54425

CVE-2024-54425: LionScripts: Site Maintenance & Noindex Nofollow Plugin is affected by a Cross-Site Request Forgery that enables Stored XSS. Affected versions: up to 2.1. Exploitation details and patch status vary across sources; Patch status for LionScripts CVE-2024-54425 is not provided in the ...

CVE-2024-9705

The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsmupdatetemplatenamelite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with...

WordPress WP Maintenance plugin <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass vulnerability

IP Spoofing to Maintenance Mode Bypass vulnerability discovered by Hoa Le Ngoc lengochoa in WordPress Plugin WP Maintenance versions = 6.1.9.2...

WordPress plugin WP Maintenance security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-1472

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

Information disclosure

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...