4 results

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Apr 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13. • https://patchstack.com/database/wordpress/plugin/cmp-coming-soon-maintenance/vulnerability/wordpress-cmp-coming-soon-maintenance-plugin-4-1-13-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Apr 2023 — The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature. • https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.6/niteo-cmp.php#L808 • CWE-284: Improper Access Control •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Jan 2022 — The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout. • https://plugins.trac.wordpress.org/changeset/2657597/cmp-coming-soon-maintenance • CWE-306: Missing Authentication for Critical Function • CWE-862: Missing Authorization •

CVSS: 9.3 • EPSS: 42% • CPEs: 1 • EXPL: 2

04 Aug 2020 — The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin. • https://github.com/RandomRobbieBF/CVE-2020-36730 • CWE-862: Missing Authorization •