Description
Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance ultimate-coming-soon allows Cross Site Request Forgery.This issue affects Ultimate Coming Soon & Maintenance: from n/a through <= 1.0.9.
Published: 2025-01-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows a Cross‑Site Request Forgery attack against the RSTheme Ultimate Coming Soon & Maintenance plugin. An attacker can craft a forged request and cause an authenticated user to perform privileged actions on the website, potentially altering site behavior or configuration without the user’s consent.

Affected Systems

RSTheme Ultimate Coming Soon & Maintenance plugin, version 1.0.9 or earlier, is affected on all WordPress installations running these versions.

Risk and Exploitability

The CVSS score of 4.3 places the vulnerability in a moderate severity band, while the EPSS score of less than 1% indicates a low likelihood of widespread exploitation. The vulnerability is not listed in CISA KEV. An attacker would need to lure a logged‑in user to a malicious site or otherwise submit a forged request; the attack vector is inferred from the CSRF nature of the flaw.

Generated by OpenCVE AI on May 2, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update RSTheme Ultimate Coming Soon & Maintenance plugin to a version newer than 1.0.9.
  • Disable or uninstall the plugin if it is not required for site operation.
  • Implement a Web Application Firewall rule or use a security plugin to enforce CSRF protection on WordPress endpoints, ensuring same‑origin policies or token verification for the plugin’s requests.

Generated by OpenCVE AI on May 2, 2026 at 05:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3754 Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance ultimate-coming-soon allows Cross Site Request Forgery.This issue affects Ultimate Coming Soon & Maintenance: from n/a through <= 1.0.9.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Mon, 09 Jun 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Rstheme
Rstheme ultimate Coming Soon \& Maintenance
CPEs cpe:2.3:a:rstheme:ultimate_coming_soon_\&_maintenance:*:*:*:*:*:*:*:*
Vendors & Products Rstheme
Rstheme ultimate Coming Soon \& Maintenance

Fri, 24 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 24 Jan 2025 17:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
Title WordPress Ultimate Coming Soon & Maintenance plugin <= 1.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Rstheme Ultimate Coming Soon \& Maintenance
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:13:15.308Z

Reserved: 2025-01-23T14:50:18.327Z

Link: CVE-2025-24543

cve-icon Vulnrichment

Updated: 2025-01-24T18:47:34.769Z

cve-icon NVD

Status : Modified

Published: 2025-01-24T18:15:32.703

Modified: 2026-04-23T15:24:58.273

Link: CVE-2025-24543

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T05:30:26Z

Weaknesses