WordPress Plugin Vulnerabilities

Coming Soon Page & Maintenance Mode < 1.8.2 - Arbitrary Settings Reset

Description

The plugin does not perform capability checks in the ~/functions/data-reset-post.php file, which makes it possible for unauthenticated attackers to trigger plugin settings reset.

Affects Plugins

Plugin icon
responsive-coming-soon
Fixed in 1.8.2

References

CVE
CVE-2019-25139

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
No
WPVDB ID
c719a76b-060e-447a-aca8-121f6c300d0b

Timeline

Publicly Published
2019-07-17 (about 6 years ago)
Added
2023-06-08 (about 2 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2024-01-30
Title
Starbox < 3.4.8 - Subscriber+ Plugin Preferences / User Settings Access via IDOR
Published
2021-02-05
Title
Ultimate GDPR & CCPA Compliance Toolkit < 2.5 - Unauthenticated Plugin Settings Export and Import
Published
2021-05-05
Title
Simple Admin Language Change < 2.0.2 - Arbitrary User Locale Change
Published
2022-06-09
Title
Social Share Buttons by Supsystic < 2.2.4 - Subscriber+ Unauthorised Actions
Published
2021-03-27
Title
Easy Form Builder by Bitware <= 1.0 - Unauthorised AJAX calls