5 matches found
CVE-2020-6168
CVE-2020-6168 – WordPress Minimal Coming Soon & Maintenance Mode : The vulnerability affects the plugin up to version 2.10, allowing any authenticated user with subscriber permissions or higher to enable/disable Maintenance Mode via crafted requests (e.g., /wp-admin/admin.php?action=csmm_change_s...
CVE-2020-6166
CVE-2020-6166 (WordPress Minimal Coming Soon & Maintenance Mode) affects the plugin versions up to 2.15. The flaw allows any authenticated user with at least basic access to export plugin settings or change the maintenance-page theme via insecure permissions. Technical details from connected sour...
CVE-2020-6167
The CVE-2020-6167 entry concerns WordPress plugin Minimal Coming Soon & Maintenance Mode (versions up to 2.10). The vulnerability is a CSRF to stored XSS and setting changes, permitted by a lack of nonce checks on settings endpoints, enabling an attacker to enable maintenance mode, inject XSS, mo...
CVE-2024-5087
CVE-2024-5087 affects the Minimal Coming Soon – Coming Soon Page WordPress plugin. The vulnerability is caused by missing capability checks in AJAX handlers (validate_ajax, deactivate_ajax, save_ajax) on all versions up to 2.38, enabling authenticated users with Subscriber-level access and above ...
CVE-2024-1075
CVE-2024-1075 affects the WordPress plugin Minimal Coming Soon – Coming Soon Page . The flaw permits unauthenticated maintenance mode bypass and information disclosure due to improper validation of the request path, affecting versions up to and including 2.37. The issue has been acknowledged by m...