PT-2020-18977 · WordPress · Minimal Coming Soon & Maintenance Mode

Published 2020-01-09 · Updated 2020-01-10 · CVE-2020-6167

CVSS v3.1: 9.6 Critical

Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R

Name of the Vulnerable Software and Affected Versions

Minimal Coming Soon & Maintenance Mode versions 2.10 and earlier

Description

A flaw in the Minimal Coming Soon & Maintenance Mode plugin allows a CSRF attack through which an attacker can enable maintenance mode, inject XSS, modify important settings, or include remote files as a logo.

Recommendations

For Minimal Coming Soon & Maintenance Mode version 2.10 and earlier, update to a version later than 2.10 to resolve the issue.

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-6167

Affected Products

Minimal Coming Soon & Maintenance Mode