The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress suffers from an improper access control vulnerability (CWE-284) affecting all versions up to 1.0.99. The flaw allows unauthenticated users to retrieve post and page content through the REST API, effectively bypassing the intended maintenance mode restrictions. The vulnerability has a CVSS 3.1 base score of 5.3, indicating a medium severity impact focused on confidentiality loss without affecting integrity or availability.

An attacker can obtain content from posts and pages that should be protected by the plugin's maintenance mode, leading to unauthorized information disclosure. There is no indication of impact on data integrity or system availability. No known exploits are reported in the wild at this time.

Patch status is not yet confirmed — no official fix or patch links are provided. Users should monitor the vendor's advisory channels for updates and apply any forthcoming patches promptly. Until a fix is available, consider disabling the plugin or restricting REST API access via other means to mitigate exposure.