3 matches found
CVE-2022-0188
CVE-2022-0188 affects the CMP WordPress plugin, specifically versions before 4.0.19. The vulnerability is an unauthenticated access control flaw that lets any user, including unauthenticated visitors, arbitrarily change the coming soon page layout (CSS/HTML) due to insufficient access control. Th...
CVE-2020-36730
The Red Hat, NVD, and related feeds corroborate that the WordPress CMP plugin is vulnerable to an authorization bypass in versions up to 3.8.1 due to a missing capability check in three functions: cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax(). This allows unauthenti...
CVE-2023-2159
The CVE-2023-2159 entry concerns the WordPress plugin CMP – Coming Soon & Maintenance (versions up to 4.1.7). The root cause is an improper maintenance mode bypass via the cmp_bypass GET parameter, which, when equal to the md5-hashed home_url, allows bypassing the plugin’s maintenance mode featur...