CVE-2024-1472: CWE-284 Improper Access Control in florent73 WP Maintenance
CVE-2024-1472 is a medium severity vulnerability in the florent73 WP Maintenance WordPress plugin, affecting all versions up to 6. 1. 6. It allows unauthenticated attackers to bypass the plugin's maintenance mode via the REST API and access post and page content that should be restricted. This improper access control issue (CWE-284) leads to information exposure without requiring authentication or user interaction. Although no known exploits are currently reported in the wild, the vulnerability poses a risk to websites using this plugin for maintenance mode. The CVSS score is 5. 3, reflecting limited confidentiality impact but no integrity or availability compromise. Organizations relying on this plugin should prioritize patching or applying mitigations to prevent unauthorized content disclosure.
AI Analysis
Technical Summary
The WP Maintenance plugin by florent73, widely used to enable maintenance mode on WordPress sites, contains an improper access control vulnerability identified as CVE-2024-1472. This vulnerability exists in all versions up to and including 6.1.6 and is exploitable via the WordPress REST API. Specifically, the plugin fails to properly restrict access to post and page content when maintenance mode is active, allowing unauthenticated attackers to bypass intended restrictions and retrieve content that should be hidden during maintenance. The root cause is a lack of adequate authorization checks (CWE-284) in the REST API endpoints exposed by the plugin. The vulnerability does not affect the integrity or availability of the site but exposes potentially sensitive content to unauthorized users. Exploitation requires no privileges or user interaction and can be performed remotely over the network. Although no public exploits have been reported yet, the vulnerability is publicly disclosed and assigned a CVSS v3.1 score of 5.3, indicating a medium severity level. The absence of a patch link suggests that a fix may not yet be available, increasing the urgency for site administrators to implement workarounds or monitor for updates.
Potential Impact
This vulnerability primarily impacts the confidentiality of WordPress sites using the WP Maintenance plugin by exposing post and page content during maintenance mode to unauthenticated attackers. Organizations relying on this plugin may inadvertently leak sensitive or proprietary content, undermining privacy and potentially revealing business-critical information. While the integrity and availability of the site remain unaffected, the exposure of content can damage reputation, erode user trust, and provide intelligence to attackers for further exploitation. The risk is especially significant for websites that use maintenance mode to hide ongoing updates or sensitive changes. Since exploitation requires no authentication and can be performed remotely, the attack surface is broad, affecting any publicly accessible WordPress site with the vulnerable plugin installed. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.
Mitigation Recommendations
1. Immediately monitor the plugin vendor’s official channels for patches or updates addressing CVE-2024-1472 and apply them as soon as they are released. 2. If a patch is not yet available, consider temporarily disabling the WP Maintenance plugin or replacing it with alternative maintenance mode plugins that have verified secure access controls. 3. Restrict REST API access on the WordPress site by implementing authentication requirements or IP whitelisting where feasible, using plugins or web server configurations. 4. Employ Web Application Firewalls (WAFs) to detect and block suspicious REST API requests that attempt to access content during maintenance mode. 5. Audit and limit the exposure of sensitive content in posts and pages, ensuring that no critical data is publicly accessible even if maintenance mode is bypassed. 6. Regularly review WordPress and plugin security advisories to stay informed about emerging threats and fixes. 7. Implement logging and alerting for unusual REST API access patterns to enable rapid detection of exploitation attempts.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, India, Brazil, Japan, Netherlands
CVE-2024-1472: CWE-284 Improper Access Control in florent73 WP Maintenance
Description
CVE-2024-1472 is a medium severity vulnerability in the florent73 WP Maintenance WordPress plugin, affecting all versions up to 6. 1. 6. It allows unauthenticated attackers to bypass the plugin's maintenance mode via the REST API and access post and page content that should be restricted. This improper access control issue (CWE-284) leads to information exposure without requiring authentication or user interaction. Although no known exploits are currently reported in the wild, the vulnerability poses a risk to websites using this plugin for maintenance mode. The CVSS score is 5. 3, reflecting limited confidentiality impact but no integrity or availability compromise. Organizations relying on this plugin should prioritize patching or applying mitigations to prevent unauthorized content disclosure.
AI-Powered Analysis
Technical Analysis
The WP Maintenance plugin by florent73, widely used to enable maintenance mode on WordPress sites, contains an improper access control vulnerability identified as CVE-2024-1472. This vulnerability exists in all versions up to and including 6.1.6 and is exploitable via the WordPress REST API. Specifically, the plugin fails to properly restrict access to post and page content when maintenance mode is active, allowing unauthenticated attackers to bypass intended restrictions and retrieve content that should be hidden during maintenance. The root cause is a lack of adequate authorization checks (CWE-284) in the REST API endpoints exposed by the plugin. The vulnerability does not affect the integrity or availability of the site but exposes potentially sensitive content to unauthorized users. Exploitation requires no privileges or user interaction and can be performed remotely over the network. Although no public exploits have been reported yet, the vulnerability is publicly disclosed and assigned a CVSS v3.1 score of 5.3, indicating a medium severity level. The absence of a patch link suggests that a fix may not yet be available, increasing the urgency for site administrators to implement workarounds or monitor for updates.
Potential Impact
This vulnerability primarily impacts the confidentiality of WordPress sites using the WP Maintenance plugin by exposing post and page content during maintenance mode to unauthenticated attackers. Organizations relying on this plugin may inadvertently leak sensitive or proprietary content, undermining privacy and potentially revealing business-critical information. While the integrity and availability of the site remain unaffected, the exposure of content can damage reputation, erode user trust, and provide intelligence to attackers for further exploitation. The risk is especially significant for websites that use maintenance mode to hide ongoing updates or sensitive changes. Since exploitation requires no authentication and can be performed remotely, the attack surface is broad, affecting any publicly accessible WordPress site with the vulnerable plugin installed. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.
Mitigation Recommendations
1. Immediately monitor the plugin vendor’s official channels for patches or updates addressing CVE-2024-1472 and apply them as soon as they are released. 2. If a patch is not yet available, consider temporarily disabling the WP Maintenance plugin or replacing it with alternative maintenance mode plugins that have verified secure access controls. 3. Restrict REST API access on the WordPress site by implementing authentication requirements or IP whitelisting where feasible, using plugins or web server configurations. 4. Employ Web Application Firewalls (WAFs) to detect and block suspicious REST API requests that attempt to access content during maintenance mode. 5. Audit and limit the exposure of sensitive content in posts and pages, ensuring that no critical data is publicly accessible even if maintenance mode is bypassed. 6. Regularly review WordPress and plugin security advisories to stay informed about emerging threats and fixes. 7. Implement logging and alerting for unusual REST API access patterns to enable rapid detection of exploitation attempts.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-02-13T16:42:30.725Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6d31b7ef31ef0b56ed2d
Added to database: 2/25/2026, 9:44:17 PM
Last enriched: 2/26/2026, 9:35:52 AM
Last updated: 2/26/2026, 11:29:45 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-64999: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkmk GmbH Checkmk
HighCVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing
HighCVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS
HighCVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews
HighCVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements
HighActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.