CVE-2018-20156 – WP Maintenance Mode <= 2.0.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-20156
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. • https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode • CWE-20: Improper Input Validation
CVE-2018-20154 – WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2018-20154
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. • https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-20155 – WP Maintenance Mode <= 2.0.6 - Missing Authorization
https://notcve.org/view.php?id=CVE-2018-20155
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. • https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode • CWE-862: Missing Authorization