CVE-2023-1263
Published 2023-03-07
Priority: P3 36 | medium | 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.41% (69.4th percentile)
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| niteo | cmp_coming_soon_maintenance_plugin_by_niteothemes | <= 4.1.6 | — |
| niteothemes | coming_soon_maintenance | <= 4.1.6 | — |
No detection rules found.
Nuclei
Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access
nuclei·CVSS 5.3
CVE-2023-1263 [MEDIUM] Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access
The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.
Template:

```yaml
id: CVE-2023-1263

info:
  name: Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access
  author: r3Y3r53
  severity: medium
  description: |
    The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.
  impact: |
    Unauthenticated attackers can bypass maintenance mode restrictions to access published posts and pages that should be protected during maintenance.
  remediation: Fixed in version 4.1.7
  reference:
    - https://wpscan.com/vulnerability/2e
```
https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.6/niteo-cmp.php#L2759
https://www.wordfence.com/threat-intel/vulnerabilities/id/e01b4259-ed8d-44a4-9771-470de45b14a8?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/e01b4259-ed8d-44a4-9771-470de45b14a8
Published: 2023-03-07