Colorlib: >> Coming Soon & Maintenance Mode >> 1.0.4 Security Vulnerabilities
The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-03-20
The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup)
CVSS Score
4.8
EPSS Score
0.001
Published
2022-06-20