WordPress Plugin Vulnerabilities

Maintenance & Coming Soon Redirect Animation <= 2.3.3 - IP Spoofing to Bypass

Description

The plugin is vulnerable to IP Address Spoofing due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP restrictions.

Affects Plugins

Plugin icon
maintenance-coming-soon-redirect-animation
No known fix

References

CVE
CVE-2024-43944
URL
https://patchstack.com/database/wordpress/plugin/maintenance-coming-soon-redirect-animation/vulnerability/wordpress-maintenance-coming-soon-redirect-animation-plugin-2-1-3-ip-bypass-vulnerability

Classification

Type
SPOOFING
OWASP top 10
A5: Broken Access Control
CWE
CWE-290
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Hoa Le Ngoc (lengochoa)
Verified
No
WPVDB ID
ac41125f-f921-49ff-8d79-22b6d606dc98

Timeline

Publicly Published
2024-08-26 (about 1 year ago)
Added
2024-09-10 (about 1 year ago)
Last Updated
2026-01-29 (about 4 months ago)

Other

Published
Title
Published
2024-06-18
Title
WP Maintenance < 6.1.9.3 - IP Spoofing to Maintenance Mode Bypass
Published
2024-09-04
Title
Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass
Published
2025-10-30
Title
OOPSpam Anti-Spam < 1.2.54 - Unauthenticated IP Header Spoofing
Published
2024-04-29
Title
WTI Like Post <= 1.4.6 - IP Spoofing
Published
2023-11-21
Title
Maspik – Spam blacklist < 0.10.4 - IP Validation Bypass