Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical0
High0
Medium6
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2025-06-05

CVE-2024-9706 - Maintenance Plugin

The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page.

PLUGIN Maintenance

CVE-2024-9706

MEDIUM CVSS 5.3 2024-12-06
Open Full Technical Breakdown
Threat Entry Updated 2025-06-05

CVE-2024-9705 - Maintenance Plugin

The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates.

PLUGIN Maintenance

CVE-2024-9705

MEDIUM CVSS 4.3 2024-12-06
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2159 - Maintenance Plugin

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.

PLUGIN Maintenance

CVE-2023-2159

MEDIUM CVSS 5.3 2023-06-09
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-1263 - Maintenance Plugin

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.

PLUGIN Maintenance

CVE-2023-1263

MEDIUM CVSS 5.3 2023-03-07
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0601 - Maintenance Plugin

The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

PLUGIN Maintenance

CVE-2022-0601

MEDIUM CVSS 6.1 2022-03-14
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2021-24533 - Maintenance Plugin

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend

PLUGIN Maintenance

CVE-2021-24533

MEDIUM CVSS 4.8 2021-08-23
Open Full Technical Breakdown
Scroll to top