2 matches found
CVE-2024-1462
The CVE-2024-1462 entry concerns the Maintenance Page plugin for WordPress. It allows Basic Information Exposure via the REST API in all versions up to 1.0.8, enabling unauthenticated attackers to view post titles and content when the site is in maintenance mode. A fix is available: upgrade to ve...
CVE-2024-1370
CVE-2024-1370 affects the WordPress Maintenance Page plugin. A missing capability check in the subscribe_download AJAX handler in all versions up to 1.0.8 allows authenticated users with subscriber access or higher to download a CSV with subscriber emails. Affected versions: ≤1.0.8; impact is inf...