WordPress Plugin Vulnerabilities

Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure

Description

The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.

Affects Plugins

Plugin icon
colorlib-coming-soon-maintenance
No known fix

References

CVE
CVE-2024-1473
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/48dc10a9-7bb9-401f-befd-1bf620858825

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No
WPVDB ID
73abd9fd-2748-4bcf-9b3e-2355aed9abfc

Timeline

Publicly Published
2024-03-19 (about 2 years ago)
Added
2024-03-19 (about 2 years ago)
Last Updated
2026-02-07 (about 3 months ago)

Other

Published
Title
Published
2024-01-24
Title
Views for WPForms < 3.2.3 - Missing Authorization via get_form_fields
Published
2017-11-02
Title
Like Button Rating < 2.5.4 - Unauthenticated Arbitrary Blog Settings Change
Published
2021-04-22
Title
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via Low Privilege User
Published
2021-08-23
Title
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion
Published
2024-04-15
Title
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.3.2 - Sensitive Information Exposure via Log Files