VYPR

Coming Soon \& Maintenance Mode

by Colorlib

CVEs (6)

  • CVE-2025-26894HigApr 15, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mobeen Abdullah Coming Soon, Maintenance Mode site-mode allows PHP Local File Inclusion.This issue affects Coming Soon, Maintenance Mode: from n/a through <=…

  • CVE-2024-1475MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection…

  • CVE-2024-1473MedMar 20, 2024
    risk 0.27cvss 5.3epss 0.01

    The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus…

  • CVE-2022-1576Jul 11, 2022
    risk 0.00cvss epss 0.00

    The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack

  • CVE-2022-0199Feb 21, 2022
    risk 0.00cvss epss 0.00

    The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack

  • CVE-2022-0164Feb 21, 2022
    risk 0.00cvss epss 0.00

    The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users