Under Construction / Maintenance Mode from Acurax <= 2.6 – Information Exposure | CVE 2024-1476 | Plugin Vulnerabilities

Description

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin.

Affects Plugins

coming-soon-maintenance-mode-from-acurax

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

51cbcd0e-800b-4cd9-8be0-becc51fcc19a

Timeline

Publicly Published

2024-02-27 (about 2 years ago)

Added

2024-02-27 (about 2 years ago)

Last Updated

2024-02-27 (about 2 years ago)

Other

Published

Title

Published

2021-07-12

Title

Frontend File Manager < 18.3 - Unauthenticated Arbitrary Post Deletion

Published

2024-06-28

Title

Patreon WordPress < 1.9.1 - Protection Mechanism Bypass

Published

2020-12-17

Title

ListingPro < 2.6.1 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation

Published

2024-02-08

Title

Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access

Published

2025-11-14

Title

Qi Blocks < 1.4.4 - Missing Authorization to Arbitrary Attachment Resize