CVE-2024-1472

Published: Feb 29, 2024Modified: Apr 8, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API.

Affected (1)

Products: Restezconnectes: Wp Maintenance

Restezconnectes

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Restezconnectes Wp Maintenance	Before 6.1.7

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4

Source: security@wordfence.com

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.wordfence.com/threat-intel/vulnerabilities/id/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.