CVE-2020-36730

HIGH

CMP by NiteoThemes <= 3.8.1 - Unauthenticated Authorization Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36730. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary:
The repository contains a functional Python exploit for CVE-2020-36730, which targets improper access controls in the CMP - Coming Soon & Maintenance WordPress plugin. The script checks the plugin version, logs into WordPress, and exploits the vulnerability to export subscriber data via an unauthorized AJAX call.

Description

The CMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.

Exploits (1)

nomisec · Working PoC · 1 star
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2020-36730

Classification: Working PoC (95%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: CMP - Coming Soon & Maintenance < 3.8.2
Auth required: yes
Prerequisites: WordPress credentials · CMP - Coming Soon & Maintenance plugin < 3.8.2 installed
Analyzed by devstral-2 on Feb 18, 2026

Scores

CVSS v3: 8.3
EPSS: 0.0227
EPSS Percentile: 80.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-862
Status: published
Products (2):
niteo/CMP – Coming Soon & Maintenance Plugin by NiteoThemes < 3.8.1
niteothemes/cmp < 3.8.1
Published: Jun 07, 2023
Tracked Since: Feb 18, 2026