5.3
CVE-2024-0789
- EPSS 0.25%
- Veröffentlicht 19.06.2024 08:15:48
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass
WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass maintenance mode.
Mögliche Gegenmaßnahme
WP Maintenance: Update to version 6.1.9.3, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerwp_maintenance_project
≫
Produkt
wp_maintenance
Default Statusunaffected
Version <=
6.1.9.2
Version
0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Maintenance
Version
*-6.1.9.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.164 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-348 Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae