Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:3728ADFC-25A5-4C16-80A6-FB20E1D28252
HistoryDec 07, 2023 - 12:00 a.m.

Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip

2023-12-0700:00:00
wpscan.com
7
wordpress
plugin
vulnerability
ip address spoofing
http headers

AI Score

6.3

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Description The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon mode page and visit the full site by spoofing an allowed IP.

Related

nvd 1
cvelist 1
vulnrichment 1
cve 1
wordfence 1
nvd
nvd
CVE-2023-49741
2024-06-04 11:15:50
cvelist
cvelist
CVE-2023-49741 WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability
2024-06-04 11:05:10
vulnrichment
vulnrichment
CVE-2023-49741 WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability
2024-06-04 11:05:10
cve
cve
CVE-2023-49741
2024-06-04 11:15:50
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 27, 2023 to December 3, 2023)
2023-12-07 14:11:22

AI Score

6.3

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for WPVDB-ID:3728ADFC-25A5-4C16-80A6-FB20E1D28252
nvd1cvelist1vulnrichment1cve1wordfence1