The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the acx_csma_subscribe_ajax function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.