Refine your search

1 vulnerability found for Coming Soon & Maintenance Mode by Colorlib by colorlibplugins

CVE-2024-1473 (GCVE-0-2024-1473)
Vulnerability from cvelistv5
Published
2024-03-20 06:48
Modified
2026-04-08 16:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-284 - Improper Access Control
Summary
The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.
References
Impacted products
Vendor Product Version
colorlibplugins Coming Soon & Maintenance Mode by Colorlib Version: 0    1.0.99
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:40:21.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/48dc10a9-7bb9-401f-befd-1bf620858825?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/colorlib-coming-soon-maintenance/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:colorlib:coming_soon_\\\u0026_maintenance_mode:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "coming_soon_\\\u0026_maintenance_mode",
            "vendor": "colorlib",
            "versions": [
              {
                "lessThanOrEqual": "1.0.99",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T16:18:10.712610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:21:23.930Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Coming Soon \u0026 Maintenance Mode by Colorlib",
          "vendor": "colorlibplugins",
          "versions": [
            {
              "lessThanOrEqual": "1.0.99",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Francesco Carlucci"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Coming Soon \u0026 Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:50:17.898Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/48dc10a9-7bb9-401f-befd-1bf620858825?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/colorlib-coming-soon-maintenance/"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3058925/colorlib-coming-soon-maintenance/trunk/colorlib-coming-soon-and-maintenance-mode.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-19T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Coming Soon \u0026 Maintenance Mode by Colorlib \u003c= 1.0.99 - Information Exposure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-1473",
    "datePublished": "2024-03-20T06:48:24.765Z",
    "dateReserved": "2024-02-13T16:52:48.799Z",
    "dateUpdated": "2026-04-08T16:50:17.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}