CVE-2024-1136: CWE-862 Missing Authorization in wpshopmart Coming Soon Page & Maintenance Mode
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content.
AI Analysis
Technical Summary
The Coming Soon Page & Maintenance Mode plugin for WordPress suffers from a missing authorization vulnerability (CWE-862) in the wpsm_coming_soon_redirect function. This flaw allows unauthenticated users to bypass the intended access restrictions when the site is in maintenance or coming-soon mode, enabling them to view the site's content. The vulnerability affects all versions up to 2.2.1. The CVSS 3.1 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact.
Potential Impact
An unauthenticated attacker can access site content that should be hidden behind maintenance or coming-soon mode restrictions. This exposure compromises confidentiality but does not affect site integrity or availability. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider disabling the plugin during maintenance or coming-soon periods or restricting access via other means such as web server access controls.
CVE-2024-1136: CWE-862 Missing Authorization in wpshopmart Coming Soon Page & Maintenance Mode
Description
The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Coming Soon Page & Maintenance Mode plugin for WordPress suffers from a missing authorization vulnerability (CWE-862) in the wpsm_coming_soon_redirect function. This flaw allows unauthenticated users to bypass the intended access restrictions when the site is in maintenance or coming-soon mode, enabling them to view the site's content. The vulnerability affects all versions up to 2.2.1. The CVSS 3.1 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, no user interaction, and limited confidentiality impact.
Potential Impact
An unauthenticated attacker can access site content that should be hidden behind maintenance or coming-soon mode restrictions. This exposure compromises confidentiality but does not affect site integrity or availability. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider disabling the plugin during maintenance or coming-soon periods or restricting access via other means such as web server access controls.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-01-31T19:05:56.198Z
- Cisa Enriched
- true
Threat ID: 682d9849c4522896dcbf6f1b
Added to database: 5/21/2025, 9:09:29 AM
Last enriched: 4/9/2026, 6:55:48 AM
Last updated: 5/9/2026, 1:49:59 AM
Views: 69
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.