CVE-2024-1181
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| dazzlersoft | Coming Soon, Under Construction & Maintenance Mode By Dazzler | 0 <= 2.1.2 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve
- https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054042%40coming-soon-wp&new=3054042%40coming-soon-wp&sfp_email=&sfph_mail=
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.