Niteothemes Cmp vulnerabilities
3 known vulnerabilities affecting niteothemes/cmp.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-0188P3MEDIUMCVSS 5.3PoCfixed in 4.0.192022-02-14
CVE-2022-0188 [MEDIUM] CWE-306 CVE-2022-0188: The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change th
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.
nvd
CVE-2020-36730P3CRITICALCVSS 9.3≤ 3.8.12023-06-07
CVE-2020-36730 [CRITICAL] CWE-862 CVE-2020-36730: The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugi
nvd
CVE-2023-2159P4MEDIUMCVSS 5.3fixed in 4.1.82023-06-09
CVE-2023-2159 [MEDIUM] CWE-284 CVE-2023-2159: The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
nvd