CVE-2023-49741 — Authentication Bypass by Spoofing in Coming Soon AND Maintenance Mode

CWE-290 — Authentication Bypass by Spoofing3 documents3 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 71.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpdevart Coming Soon AND Maintenance Mode

Timeline

PublishedJun 4

Description

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5wpdevart/coming_soon_and_maintenance_moden/a — 3.7.3

🔴Vulnerability Details

GHSA

GHSA-p7rc-7m77-7q34: Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained b↗2024-06-04

▶

CVEList

WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability↗2024-06-04

▶