The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T05:33:28.584Z
Updated: 2024-08-02T06:12:20.613Z
Reserved: 2023-04-18T14:09:08.727Z
Link: CVE-2023-2159
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-09T06:16:04.290
Modified: 2023-11-07T04:12:05.017
Link: CVE-2023-2159
Redhat
No data.