CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47299 – WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47299
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.17.4. The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.17.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-by-seedprod-6-17-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43944 – WordPress Maintenance & Coming Soon Redirect Animation plugin <= 2.1.3 - IP Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-43944
Incorrect Authorization vulnerability in Yassine Idrissi Maintenance & Coming Soon Redirect Animation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maintenance & Coming Soon Redirect Animation: from n/a through 2.1.3. The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.1.3 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP restrictions. • https://patchstack.com/database/vulnerability/maintenance-coming-soon-redirect-animation/wordpress-maintenance-coming-soon-redirect-animation-plugin-2-1-3-ip-bypass-vulnerability?_s_id=cve • CWE-348: Use of Less Trusted Source CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38756 – WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-38756
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3. The Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-responsive-coming-soon-maintenance-mode-plugin-1-6-3-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32088 – WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32088
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd. Este problema afecta a la página Próximamente, modo en construcción y mantenimiento de SeedProd: desde n/a hasta 6.15.20. The Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.20. This is due to missing or incorrect nonce validation on the seedprod_lite_redirect_to_site() function. • https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-plugin-6-15-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50374 – WordPress CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin <= 4.1.10 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-50374
Server-Side Request Forgery (SSRF) vulnerability in NiteoThemes CMP – Coming Soon & Maintenance.This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.10. Vulnerabilidad de Server-Side Request Forgery (SSRF) en NiteoThemes CMP – Coming Soon & Maintenance. Este problema afecta a CMP – Próximamente y mantenimiento: desde n/a hasta 4.1.10. The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.10. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/cmp-coming-soon-maintenance/wordpress-cmp-coming-soon-maintenance-plugin-by-niteothemes-plugin-4-1-10-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •