CVE-2023-49741 – WordPress Coming soon and Maintenance mode plugin <= 3.7.3 - IP Filtering Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-49741
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3. The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon mode page and visit the full site by spoofing an allowed IP.
• https://patchstack.com/database/vulnerability/coming-soon-page/wordpress-coming-soon-and-maintenance-mode-plugin-3-7-3-ip-filtering-bypass-vulnerability?_s_id=cve
• CWE-290: Authentication Bypass by Spoofing
• CWE-693: Protection Mechanism Failure
CVE-2023-46615 – WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-46615
Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon. This issue affects KD Coming Soon: from n/a through 1.7.
• https://github.com/RandomRobbieBF/CVE-2023-46615
• https://patchstack.com/database/vulnerability/kd-coming-soon/wordpress-kd-coming-soon-plugin-1-7-php-object-injection-vulnerability?_s_id=cve
• CWE-502: Deserialization of Untrusted Data
CVE-2022-1593 – Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
https://notcve.org/view.php?id=CVE-2022-1593
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have a CSRF check in place when updating its settings, and it also lacks sanitisation as well as escaping in some of them. As a result, attackers could make a logged-in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack.
• https://wpscan.com/vulnerability/67678666-402b-4010-ac56-7067a0f40185
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-5657 – Coming Soon <= 1.1.18 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5657
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.
• https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md
• https://wpvulndb.com/vulnerabilities/9010
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5659 – Coming Soon < 1.1.19 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5659
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.
• https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md
• https://wpvulndb.com/vulnerabilities/9010
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')