Minimal Coming Soon – Coming Soon Page < 2.38 – Unauthenticated Maintenance Mode Bypass | CVE 2024-1075 | Plugin Vulnerabilities

Description

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.

Affects Plugins

minimal-coming-soon-maintenance-mode

Fixed in 2.38

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lucio Sá

Verified

No

WPVDB ID

de0489f0-de24-4131-a9d1-10eaaa41d646

Timeline

Publicly Published

2024-02-05 (about 2 years ago)

Added

2024-02-09 (about 2 years ago)

Last Updated

2024-02-09 (about 2 years ago)

Other

Published

Title

Published

2022-09-29

Title

Quiz And Survey Master < 7.3.5 - Quiz Update via IDOR

Published

2025-12-29

Title

FiveStar <= 1.7 - Authenticated (Subscriber+) Insecure Direct Object Reference

Published

2024-06-18

Title

Replace Image < 1.1.11 - Insecure Direct Object Reference

Published

2024-04-01

Title

Tickera < 3.5.2.5 - Ticket leakage through IDOR

Published

2024-11-12

Title

BuddyPress Builder for Elementor – BuddyBuilder < 1.8.0 - Contributor+ Post Disclosure