The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

Related CVEs

CVE-2019-25139

Key Information

GHSA ID

GHSA-9rpp-j343-49jh

Published

June 7, 2023 3:30 AM

Last Modified

April 4, 2024 4:36 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.