← Back

Niteothemes

niteothemes

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Cmp
cmp
3 CVEs
Coming Soon & Maintenance
coming_soon_&_maintenance
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-2159
1Niteothemes
1Cmp
Apr 8, 2026
Jun 9, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url i...Show more
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.Show less
CVE-2020-36730
1Niteothemes
1Cmp
Apr 8, 2026
Jun 7, 2023
N/A· v4
9.3 CRITICAL· v3
N/A· v2
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including...Show more
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.Show less
CVE-2023-1263
1Niteothemes
1Coming Soon & Maintenance
Apr 8, 2026
Mar 7, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to...Show more
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.Show less
CVE-2022-0188
1Niteothemes
1Cmp
Nov 21, 2024
Feb 14, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.