WordPress Plugin Vulnerabilities

WP Maintenance Mode <= 2.0.6 - Missing Settings Authorization

Description

The WP Maintenance Mode WordPress plugin was affected by a Missing Settings Authorization security vulnerability.

Affects Plugins

Plugin icon
wp-maintenance-mode
Fixed in 2.0.7

References

CVE
CVE-2018-20155
URL
https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
4.3 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6e806faa-2492-47df-8a32-a9ea143433f9

Timeline

Publicly Published
2016-07-06 (about 9 years ago)
Added
2016-07-11 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-12-14
Title
All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
Published
2024-10-16
Title
Miniorange OTP Verification with Firebase < 3.6.1 - Authentication Bypass
Published
2023-01-27
Title
ContentStudio < 1.2.6 - Authorisation Bypass
Published
2019-05-28
Title
Slick Popup <= 1.7.1 - Privilege Escalation
Published
2023-11-23
Title
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read