Lengochoa

Name of the Vulnerable Software and Affected Versions: Peter Hardy-vanDoorn Maintenance Redirect versions n/a through 2.0.1 Description: The issue is related to an Authentication Bypass by Spoofing vulnerability, which allows accessing functionality not properly constrained by ACLs. This enables unauthorized access to certain features. Recommendations: For versions n/a through 2.0.1, update to a version later than 2.0.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yassine Idrissi Maintenance & Coming Soon Redirect Animation versions 2.1.3 and earlier **Description** The issue is related to an Incorrect Authorization vulnerability, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or areas of the software may be accessible without the proper permissions, potentially leading to unauthorized actions. **Recommendations** For versions 2.1.3 and earlier, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Maintenance plugin for WordPress versions up to, and including, 6.1.9.2 **Description** The issue arises from insufficient IP address validation and the use of user-supplied HTTP headers as a primary method for IP retrieval. This allows unauthenticated attackers to bypass maintenance mode by spoofing their IP address. **Recommendations** For WP Maintenance plugin for WordPress versions up to, and including, 6.1.9.2, update to a version later than 6.1.9.2 to resolve the issue. As a temporary workaround, consider restricting access to maintenance mode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** helderk Maintenance Mode versions n/a through 3.0.1 **Description** The issue is an Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode, allowing Functionality Bypass. **Recommendations** For versions n/a through 3.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brijesh Kothari Smart Maintenance Mode versions 1.4.4 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions 1.4.4 and earlier, update to a version that includes a fix for this issue, as no specific workaround or mitigation measures are provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Infinite Scroll – Ajax Load More plugin for WordPress versions up to, and including, 7.0.1 **Description** The issue allows authenticated attackers with administrator-level access and above to read the contents of arbitrary files on the server, potentially containing sensitive information, via the `type` parameter. This is limited to Windows instances. **Recommendations** For WordPress Infinite Scroll – Ajax Load More plugin for WordPress versions up to, and including, 7.0.1, update to a version later than 7.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the `type` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Coder versions through 3.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions through 3.5, update to a version later than 3.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.