Under Construction / Maintenance Mode from Acurax <= 2.6 – Authenticated (Subscriber+) Sensitive Information Exposure | CVE 2023-6922 | Plugin Vulnerabilities

Description

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.

Affects Plugins

coming-soon-maintenance-mode-from-acurax

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

István Márton

Verified

No

WPVDB ID

031e8a73-d6c3-442f-a3bc-2269ab03b53a

Timeline

Publicly Published

2024-02-27 (about 2 years ago)

Added

2024-02-27 (about 2 years ago)

Last Updated

2024-02-27 (about 2 years ago)

Other

Published

Title

Published

2025-12-29

Title

Wallet System for WooCommerce < 2.7.4 - Authenticated (Subscriber+) Information Exposure

Published

2022-12-05

Title

Autoptimize < 3.1.0 - Sensitive Data Disclosure

Published

2023-12-28

Title

Uncanny Automator < 5.1.0.3 - Sensitive Information Exposure via Log File

Published

2022-01-14

Title

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

Published

2024-11-22

Title

Wp Maximum Upload File Size < 1.1.4 - Authenticated (Author+) Full Path Disclosure