12 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Weblizar Coming Soon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming Soon: from n/a through 1.6.3. The Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to extract potentially sensitive information. • https://patchstack.com/database/vulnerability/responsive-coming-soon-page/wordpress-coming-soon-page-responsive-coming-soon-maintenance-mode-plugin-1-6-3-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en wpdevart Coming soon and Maintenance mode permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a Coming soon and Maintenance mode: desde n/a hasta 3.7.3. The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon mode page and visit the full site by spoofing an allowed IP. • https://patchstack.com/database/vulnerability/coming-soon-page/wordpress-coming-soon-and-maintenance-mode-plugin-3-7-3-ip-filtering-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter. Se ha descubierto un problema en el plugin responsive-coming-soon-page 1.1.18 para WordPress. Existe XSS mediante el parámetro counter_title_icon en wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md https://wpvulndb.com/vulnerabilities/9010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter. Se ha descubierto un problema en el plugin responsive-coming-soon-page 1.1.18 para WordPress. Existe XSS mediante el parámetro coming-soon_title en wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md https://wpvulndb.com/vulnerabilities/9010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter. Se ha descubierto un problema en el plugin responsive-coming-soon-page 1.1.18 para WordPress. Existe XSS mediante el parámetro button_text_link en wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/responsive-coming-soon-page.md https://wpvulndb.com/vulnerabilities/9010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •