Description

WordPress Plugin WP Maintenance Mode is prone to multiple vulnerabilities, including security bypass and information disclosure vulnerabilities. An attacker may leverage these issues to perform otherwise restricted actions and subsequently modify plugin settings or to obtain sensitive information that may help in launching further attacks. WordPress Plugin WP Maintenance Mode version 2.0.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.4 or latest

References

https://www.pluginvulnerabilities.com/2016/07/11/protecting-you-against-wordfences-bad-practices-missing-authorization-vulnerability-in-wp-maintenance-mode/

https://www.pluginvulnerabilities.com/2016/07/11/protecting-you-against-wordfences-bad-practices-information-disclosure-vulnerability-in-wp-maintenance-mode/

https://www.pluginvulnerabilities.com/2016/07/11/wordfence-is-either-providing-bad-information-or-taking-credit-for-vulnerabilities-someone-else-discovered/

https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/

https://wordpress.org/plugins/wp-maintenance-mode/changelog/

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1890)

Joomla CVE-2021-23132 Vulnerability (CVE-2021-23132)

SharePoint CVE-2023-36764 Vulnerability (CVE-2023-36764)

WordPress Plugin WP Database Backup Unspecified Vulnerability (4.1)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2398)

Severity

High

Classification

CVE-2018-20154 CVE-2018-20155 CWE-200 CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update