CVE-2024-0789

Name of the Vulnerable Software and Affected Versions WP Maintenance plugin for WordPress versions up to, and including, 6.1.9.2

Description The issue arises from insufficient IP address validation and the use of user-supplied HTTP headers as a primary method for IP retrieval. This allows unauthenticated attackers to bypass maintenance mode by spoofing their IP address.

Recommendations For WP Maintenance plugin for WordPress versions up to, and including, 6.1.9.2, update to a version later than 6.1.9.2 to resolve the issue. As a temporary workaround, consider restricting access to maintenance mode to minimize the risk of exploitation.