CVE-2020-6168
published 2020-01-09CVE-2020-6168: A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable…
PriorityP274high7.6CVSS 3.1
AVNACLPRLUINSUCLILAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
1.95%
77.7th percentile
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webfactoryltd | minimal_coming_soon_maintenance_mode | <= 2.10 | — |
CVSS provenance
nvdv3.17.6HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
nvdv3.07.6HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vulncheck7.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6xpf-466x-v7vx: A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2
ghsa_unreviewed·2022-05-24
CVE-2020-6168 [MEDIUM] CWE-732 GHSA-6xpf-466x-v7vx: A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting).
VulnCheck
webfactoryltd minimal_coming_soon_\&_maintenance_mode Missing Authorization
vulncheck·2020·CVSS 7.6
CVE-2020-6168 [HIGH] webfactoryltd minimal_coming_soon_\&_maintenance_mode Missing Authorization
webfactoryltd minimal_coming_soon_\&_maintenance_mode Missing Authorization
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting).
Affected: webfactoryltd minimal_coming_soon_\&_maintenance_mode
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/minimal-coming-soon-maintenance-mode/minimal-coming-soon-maintenance-mode-210-missing-authorization
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developershttps://wpvulndb.com/vulnerabilities/10008https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developershttps://wpvulndb.com/vulnerabilities/10008https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/
2020-01-09
Published
Exploited in the wild