vulnerability
WordPress Plugin: coming-soon: CVE-2024-1072: Missing Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:P) | Jan 31, 2024 | May 15, 2025 | May 15, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:P)
Published
Jan 31, 2024
Added
May 15, 2025
Modified
May 15, 2025
Description
The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.
Solution
coming-soon-plugin-cve-2024-1072
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.