WordPress Plugin Vulnerabilities

CGC Maintenance Mode <= 1.2 - IP Spoofing

Description

The CGC Maintenance Mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.2 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP address and bypass filtering.

Affects Plugins

Plugin icon
cgc-maintenance-mode
No known fix

References

CVE
CVE-2024-30480
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1b05191b-4f4a-487a-9fbf-843a4787511e

Classification

Type
SPOOFING
OWASP top 10
A5: Broken Access Control
CWE
CWE-290
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
ad264ee8-ab8f-4c74-99a4-ab59869adb85

Timeline

Publicly Published
2024-03-28 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2024-04-29
Title
WTI Like Post <= 1.4.6 - IP Spoofing
Published
2024-09-16
Title
Maintenance Redirect < 2.1.0 - IP Spoofing to Maintenance Mode Bypass
Published
2023-08-28
Title
DoLogin Security < 3.7 - IP Spoofing
Published
2023-09-01
Title
Activity Log < 2.8.8 - IP Spoofing
Published
2023-08-14
Title
User Activity Log < 1.6.7 - IP Spoofing