ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.15 - Insecure permissions: Export Settings/Theme Change vulnerability

Product
Minimal Coming Soon & Maintenance Mode – Coming Soon Page
Description
Insecure permissions: Export Settings/Theme Change vulnerability found by Chloe Chamberland in WordPress Minimal Coming Soon & Maintenance Mode plugin (versions <= 2.15).
Solution
Update the WordPress Minimal Coming Soon & Maintenance Mode plugin to the latest available version (at least 2.17).
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-2020-6166
Versions
Affected In <= 2.15
Fixed In 2.17
Disclosure date
2020-01-08
Credits
Chloe Chamberland
Submitter
ThreatPress