CVE-2020-36707

EPSS 0.12%
Veröffentlicht 07.06.2023 02:15:11
Zuletzt bearbeitet 21.11.2024 05:30:07
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Mögliche Gegenmaßnahme

Coming Soon & Maintenance Mode Page & Under Construction: Update to version 1.58, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Coming Soon & Maintenance Mode Page & Under Construction

Version * - 1.57

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpconcern ≫ Nifty Coming Soon & Maintenance Mode Page SwPlatformwordpress Version < 1.58

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.317

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://jetpack.com/features/security/library/nifty-coming-soon-and-under-construction-page-plugin/

Product

https://wpscan.com/vulnerability/aa47a464-af97-43bc-b6cb-75a08ce3ece7

Third Party Advisory

https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-coming-soon-maintenance-mode-page-cross-site-request-forgery-1-57/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/59278214-b0ce-44bf-8d8f-265c5c50006a?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/59278214-b0ce-44bf-8d8f-265c5c50006a

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-36707

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-36707

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-36707

EUVD