PT-2024-16513 · WordPress · The Minimal Coming Soon – Coming Soon Page
Lucio Sá · Published 2024-02-05 · Updated 2024-02-13 · CVE-2024-1075
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
The Minimal Coming Soon – Coming Soon Page plugin for WordPress versions up to, and including, 2.37
Description
The issue is due to the plugin improperly validating the request path, making it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden. This results in maintenance mode bypass and information disclosure.
Recommendations
Update the plugin to a version higher than 2.37 to resolve the issue. As a temporary workaround, consider restricting access to sensitive pages until a patch is available.
Fix
IDOR
Affected Products
The Minimal Coming Soon – Coming Soon Page