Cmp

cmp

Vendor: Niteothemes • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-2159 1Niteothemes 1Cmp Apr 8, 2026 Jun 9, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url i...Show more The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.Show less
CVE-2020-36730 1Niteothemes 1Cmp Apr 8, 2026 Jun 7, 2023 N/A· v4 9.3 CRITICAL· v3 N/A· v2 The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including...Show more The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.Show less
CVE-2022-0188 1Niteothemes 1Cmp Nov 21, 2024 Feb 14, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.