Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-04-18
CVE-2026-6518 - Cmp Coming Soon Maintenance Plugin
The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking for the `publish_pages` capability (available to Editors and above) instead of `manage_options` (Administrators only), combined with a lack of proper validation on the user-supplied file URL and no verification of the downloaded file's content before extraction. This makes it possible for authenticated attackers, with Administrator-level access…
PLUGIN
Cmp Coming Soon Maintenance
CVE-2026-6518
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-2159 - Cmp Coming Soon Maintenance Plugin
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
PLUGIN
Cmp Coming Soon Maintenance
CVE-2023-2159
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1263 - Cmp Coming Soon Maintenance Plugin
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.
PLUGIN
Cmp Coming Soon Maintenance
CVE-2023-1263
Risk Score