The Coming soon and Maintenance mode plugin for WordPress is not secure in all versions up to 3.7.3. Attackers can use user-supplied HTTP headers to pretend to have an allowed IP address, and bypass the coming soon mode page to visit the full website. This makes the plugin vulnerable to IP Address Spoofing.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
