CVE-2024-1075

LOW

Minimal Coming Soon - Coming Soon Page < 2.37 - Unauthenticated Maintenance Mode Bypass via Request Path Validation

Title source: llm

Description

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.

References (3)

Core 3

Core References

Product

https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php#L67

Patch

https://plugins.trac.wordpress.org/changeset/3031149/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=cve

Scores

CVSS v3 3.7

EPSS 0.0069

EPSS Percentile 48.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (2)

webfactory/Minimal Coming Soon – Coming Soon Page < 2.37

webfactoryltd/minimal_coming_soon_\&_maintenance_mode < 2.37

Published Feb 05, 2024

Tracked Since Feb 18, 2026