CVE-2023-1263

nvd nist nuclei

Published: Mar 7, 2023Modified: Apr 8, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.

Affected (1)

Products: Niteothemes: Coming Soon & Maintenance

1 product

Coming Soon & Maintenance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Niteothemes Coming Soon & Maintenance	Up to 4.1.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.6/niteo-cmp.php#L2759

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/e01b4259-ed8d-44a4-9771-470de45b14a8?source=cve

Source: security@wordfence.com

https://plugins.trac.wordpress.org/browser/cmp-coming-soon-maintenance/tags/4.1.6/niteo-cmp.php#L2759

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/e01b4259-ed8d-44a4-9771-470de45b14a8

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.