Description
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Update Plugin
AI Analysis

Impact

The SeedProd Coming Soon Page, Under Construction & Maintenance Mode plugin is affected by a missing authorization flaw that allows an attacker to bypass the plugin’s access control checks. By exploiting this defect, an adversary can reach administrative functions of the plugin that are intended to be restricted to privileged users. This could enable unauthorized modification of site status, visibility of maintenance mode settings, and potentially the ability to alter or disable security controls on the WordPress site.

Affected Systems

WordPress sites that have the SeedProd Coming Soon Page, Under Construction & Maintenance Mode plugin installed at any version up to and including 6.19.8 are vulnerable to this weakness.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.3, indicating moderate severity. The EPSS score is reported as less than 1 %, suggesting a very low exploitation probability, and the issue is not listed in the CISA KEV catalog. The likely attack vector is remote, where an unauthenticated or low-privilege user can access the plugin’s administrative endpoints. Exploitation requires no special conditions beyond reaching the plugin’s URLs, so the risk to exposed sites remains significant enough to warrant timely remediation.

Generated by OpenCVE AI on April 16, 2026 at 06:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SeedProd plugin to a newer version that resolves the access control flaw
  • If an upgrade is not immediately possible, remove or deactivate the plugin until a patched version is available
  • Apply web‑application firewall rules or .htaccess restrictions to block unauthenticated access to the plugin’s admin paths until the issue is fixed

Generated by OpenCVE AI on April 16, 2026 at 06:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7. Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
Title WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.7 - Broken Access Control vulnerability WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulnerability

Wed, 25 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Seedprod
Seedprod coming Soon Page, Under Construction & Maintenance Mode
Wordpress
Wordpress wordpress
Vendors & Products Seedprod
Seedprod coming Soon Page, Under Construction & Maintenance Mode
Wordpress
Wordpress wordpress

Thu, 19 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.7.
Title WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.7 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Seedprod Coming Soon Page, Under Construction & Maintenance Mode
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:15:02.356Z

Reserved: 2026-02-19T09:51:54.220Z

Link: CVE-2026-27368

cve-icon Vulnrichment

Updated: 2026-02-20T16:48:30.662Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T21:18:33.083

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-27368

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:30:06Z

Weaknesses