Unauthenticated Settings Reset Vulnerability in Coming Soon Page & Maintenance Mode Plugin for WordPress

Unauthenticated Settings Reset Vulnerability in Coming Soon Page & Maintenance Mode Plugin for WordPress

CVE-2019-25139 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

Learn more about our Wordpress Pen Testing.