CVE-2024-1136 - Vulnerability Details - OpenCVE

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpshopmart	Coming Soon Page \& Maintenance Mode

Configuration 1 [-]

cpe:2.3:a:wpshopmart:coming_soon_page_\&_maintenance_mode:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11
https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve

History

Fri, 07 Feb 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wpshopmart Wpshopmart coming Soon Page \& Maintenance Mode
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:wpshopmart:coming_soon_page_\&_maintenance_mode::::::wordpress::*
Vendors & Products		Wpshopmart Wpshopmart coming Soon Page \& Maintenance Mode

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-28T08:33:13.484Z

Updated: 2024-08-01T18:26:30.455Z

Reserved: 2024-01-31T19:05:56.198Z

Link: CVE-2024-1136

Vulnrichment

Updated: 2024-08-01T18:26:30.455Z

NVD

Status : Analyzed

Published: 2024-02-28T09:15:42.530

Modified: 2025-02-07T17:32:39.080

Link: CVE-2024-1136

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1136", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-31T19:05:56.198Z", "datePublished": "2024-02-28T08:33:13.484Z", "dateUpdated": "2024-08-01T18:26:30.455Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-02-28T08:33:13.484Z"}, "affected": [{"vendor": "wpshopmart", "product": "Coming Soon Page & Maintenance Mode", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-02-27T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "wpshopmart", "product": "coming_soon_page_\\&_maintenance_mode", "cpes": ["cpe:2.3:a:wpshopmart:coming_soon_page_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.21", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-28T18:34:52.151462Z", "id": "CVE-2024-1136", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T15:08:06.738Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.455Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.455Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-28T18:34:52.151462Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wpshopmart:coming_soon_page_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*"], "vendor": "wpshopmart", "product": "coming_soon_page_\\&_maintenance_mode", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.21"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-25T15:07:44.519Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "wpshopmart", "product": "Coming Soon Page & Maintenance Mode", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.2.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-27T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11"}], "descriptions": [{"lang": "en", "value": "The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-02-28T08:33:13.484Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1136", "state": "PUBLISHED", "dateUpdated": "2024-08-01T18:26:30.455Z", "dateReserved": "2024-01-31T19:05:56.198Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-02-28T08:33:13.484Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpshopmart:coming_soon_page_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DBB22453-EA02-4126-8779-DBD76DF1BACB", "versionEndExcluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content."}, {"lang": "es", "value": "El complemento Coming Soon Page & Maintenance Mode para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificaci\u00f3n de URL implementada incorrectamente en la funci\u00f3n wpsm_coming_soon_redirect en todas las versiones hasta la 2.2.1 incluida. Esto hace posible que atacantes no autenticados vean un sitio con el modo de mantenimiento o el modo pr\u00f3ximamente habilitado para ver el contenido del sitio."}], "id": "CVE-2024-1136", "lastModified": "2025-02-07T17:32:39.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-02-28T09:15:42.530", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}