Exploitation Summary
CVE-2022-0188 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.
Nuclei Templates (1)
CMP WordPress < 4.0.19 - Broken Access Control
MEDIUMVERIFIEDby pussycat0x
Shodan:
html:"wp-content/plugins/cmp-coming-soon-maintenance"
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/50b6f770-6f53-41ef-b2f3-2a58e9afd332
Patch, Third Party Advisory patch
https://plugins.trac.wordpress.org/changeset/2657597/cmp-coming-soon-maintenance
Scores
CVSS v3
5.3
EPSS
0.0239
EPSS Percentile
81.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-306
Status
published
Products (1)
niteothemes/cmp
< 4.0.19
Published
Feb 14, 2022
Tracked Since
Feb 18, 2026