The CMP – Coming Soon & Maintenance plugin for WordPress...
Moderate severity
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Mar 7, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Apr 4, 2024
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.
References