Published: 07/06/2023 Updated: 07/11/2023

CVSS v3 Base Score: 9.3 | Impact Score: 4.7 | Exploitability Score: 3.9

VMScore: 0

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated malicious users to read posts, export subscriber lists, and/or deactivate the plugin.

Vulnerable Product	Search on Vulmon	Subscribe to Product
niteothemes cmp

CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)

CVE-2020-36730 CMP - Coming Soon & Maintenance < 382 - Improper Access Controls on AJAX Calls (Subscriber+) Description: Some of the AJAX calls from the plugin do not properly check for capabilities and CSRF tokens, leading to issues such as arbitrary post read, subscribers list export and plugin deactivation reference: - wwwwordfencecom/threat-i

CWE-862 https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-cmp-coming-soon-and-maintenance-plugin/https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ef067b-e4b4-4174-b6ff-ec94a7afd55d?source=cve https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-cmp-coming-soon-maintenance-by-niteothemes-security-bypass-3-8-1/https://wpscan.com/vulnerability/10341 https://nvd.nist.gov https://github.com/RandomRobbieBF/CVE-2020-36730

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-36730

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect