Maintenance Page < 1.0.9 – Missing Authorization to Sensitive Information Exposure | CVE 2024-1370 | Plugin Vulnerabilities

Description

The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.

Affects Plugins

maintenance-page

Fixed in 1.0.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

abbdbee0-aaca-480c-a322-07cedf5e9788

Timeline

Publicly Published

2024-02-21 (about 2 years ago)

Added

2024-02-21 (about 2 years ago)

Last Updated

2024-02-21 (about 2 years ago)

Other

Published

Title

Published

2021-07-12

Title

Frontend File Manager < 18.3 - Privilege Escalation

Published

2022-05-18

Title

Jupiter < 6.10.2 & JupiterX < 2.0.7 - Subscriber+ Path Traversal and Local File Inclusion

Published

2023-06-02

Title

Page Builder by AZEXO <= 1.27.133 - Subscriber+ Post Creation

Published

2024-05-20

Title

Debug Log – Manger Tool < 1.5 - Unauthenticated Information Exposure via Logs

Published

2020-12-17

Title

ListingPro < 2.6.1 - Unauthenticated Arbitrary Plugin Installation/Activation/Deactivation