Vulnerability Description
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit the license key, which could disable features of the plugin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webfactoryltd | Minimal Coming Soon \& Maintenance Mode | < 2.39 |
Related Weaknesses (CWE)
References
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CRLF%20InjectionNot Applicable
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/changeset/3099123/Patch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/affdaf63-2098-4ad6-b15Third Party Advisory
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CRLF%20InjectionNot Applicable
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
- https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/Product
FAQ
What is CVE-2024-5087?
CVE-2024-5087 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_aja...
How severe is CVE-2024-5087?
CVE-2024-5087 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5087?
Check the references section above for vendor advisories and patch information. Affected products include: Webfactoryltd Minimal Coming Soon \& Maintenance Mode.