CVE-2023-49741

Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/21.html
• https://cwe.mitre.org/data/definitions/22.html
• https://cwe.mitre.org/data/definitions/459.html
• https://cwe.mitre.org/data/definitions/461.html
• https://cwe.mitre.org/data/definitions/473.html
• https://cwe.mitre.org/data/definitions/476.html
• https://cwe.mitre.org/data/definitions/59.html
• https://cwe.mitre.org/data/definitions/60.html
• https://cwe.mitre.org/data/definitions/667.html
• https://cwe.mitre.org/data/definitions/94.html

References

• https://patchstack.com/database/vulnerability/coming-soon-page/wordpress-coming-soon-and-maintenance-mode-plugin-3-7-3-ip-filtering-bypass-vulnerability?_s_id=cve
• https://patchstack.com/database/vulnerability/coming-soon-page/wordpress-coming-soon-and-maintenance-mode-plugin-3-7-3-ip-filtering-bypass-vulnerability?_s_id=cve