3 matches found
CVE-2018-20156
CVE-2018-20156 affects the WordPress WP Maintenance Mode plugin (before 2.0.7). A remote authenticated site administrator can execute arbitrary PHP code across a multisite network. Public sources confirm this plugin version before 2.0.7 is vulnerable; exploitation status is not detailed in the pr...
CVE-2018-20154
CVE-2018-20154 affects the WordPress WP Maintenance Mode plugin prior to 2.0.7. The vulnerability allows remote authenticated users to disclose all subscriber email addresses, constituting an information-disclosure flaw in the plugin’s handling of subscriber data. The impact is confined to partia...
CVE-2018-20155
CVE-2018-20155 affects the WordPress WP Maintenance Mode plugin prior to version 2.0.7. The vulnerability allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings, exposing a flaw in authorization for configuration changes. The issue is doc...