Lucene search

WpvulndbWPVDB-ID:BF7EFB23-90B9-4340-B094-6352B71F6546

HistoryJun 07, 2024 - 12:00 a.m.

Minimal Coming Soon – Coming Soon Page < 2.39 - Missing Authorization to Limited Settings Change

2024-06-0700:00:00

wpscan.com

wordpress

data modification

vulnerable software

authorization

capability check

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.4

Confidence

Low

JSON

Description The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.

References

www.wordfence.com/threat-intel/vulnerabilities/id/affdaf63-2098-4ad6-b15b-990d1941fecb