Vulnerability Details CVE-2020-6167
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v3 Score 9.6
CVSS v2 Score 6.8
References
- https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers
- https://wpvulndb.com/vulnerabilities/10007
- https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/
- https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers
- https://wpvulndb.com/vulnerabilities/10007
- https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/
Products affected by CVE-2020-6167
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:0.1
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:0.2
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:0.3
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:0.4
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:0.5
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.0
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.1
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.2
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.25
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.30
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.35
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.40
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.45
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.50
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.55
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.60
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.62
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.65
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.70
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.80
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.85
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.87
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.90
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:1.95
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:2.0
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:2.01
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:2.05
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:2.07
-
cpe:2.3:a:webfactoryltd:minimal_coming_soon_&_maintenance_mode:2.10