VYPR

Easy Maintenance Mode Coming Soon

by WordPress

CVEs (5)

  • CVE-2024-1477MedMar 20, 2024
    risk 0.34cvss 5.3epss 0.00

    The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the…

  • CVE-2022-1580Sep 19, 2022
    risk 0.01cvss epss 0.01

    The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.

  • CVE-2022-1576Jul 11, 2022
    risk 0.00cvss epss 0.00

    The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack

  • CVE-2022-0199Feb 21, 2022
    risk 0.00cvss epss 0.00

    The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack

  • CVE-2022-0164Feb 21, 2022
    risk 0.00cvss epss 0.00

    The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users