WordPress Plugin Vulnerabilities

CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls

Description

Some of the AJAX calls from the plugin do not properly check for capabilities and CSRF tokens, leading to issues such as arbitrary post read, subscribers list export and plugin deactivation.

Affects Plugins

cmp-coming-soon-maintenance

Fixed in version 3.8.2

References

URL

https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-cmp-coming-soon-and-maintenance-plugin/

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CWE-284

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet)

Verified

WPVDB ID

f820452e-37f5-44b9-a232-11d9b91bec3b

Timeline

Publicly Published

2020-08-04 (about 2 years ago)

Added

2020-08-04 (about 2 years ago)

Last Updated

2020-08-06 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin