{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1181", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-02-01T22:10:38.376Z", "datePublished": "2024-03-20T06:48:25.851Z", "dateUpdated": "2024-08-01T19:10:31.390Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-20T06:48:25.851Z"}, "affected": [{"vendor": "dazzlersoft", "product": "Coming Soon, Under Construction & Maintenance Mode By Dazzler", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "2.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2024-03-19T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.093Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "dazzlersoftware", "product": "coming_soon\\,_under_construction_\\&_maintenance_mode_by_dazzler", "cpes": ["cpe:2.3:a:dazzlersoftware:coming_soon\\,_under_construction_\\&_maintenance_mode_by_dazzler:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T19:08:53.038154Z", "id": "CVE-2024-1181", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:10:31.390Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.093Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-01T19:08:53.038154Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dazzlersoftware:coming_soon\\,_under_construction_\\&_maintenance_mode_by_dazzler:*:*:*:*:*:*:*:*"], "vendor": "dazzlersoftware", "product": "coming_soon\\,_under_construction_\\&_maintenance_mode_by_dazzler", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.1.2"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:10:27.767Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "dazzlersoft", "product": "Coming Soon, Under Construction & Maintenance Mode By Dazzler", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-03-19T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45"}], "descriptions": [{"lang": "en", "value": "The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-03-20T06:48:25.851Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1181", "state": "PUBLISHED", "dateUpdated": "2024-08-01T19:10:31.390Z", "dateReserved": "2024-02-01T22:10:38.376Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-03-20T06:48:25.851Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accesses is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode."}, {"lang": "es", "value": "El complemento Coming Soon, Under Construction & Maintenance Mode de Dazzler para WordPress es vulnerable a la omisi\u00f3n del modo de mantenimiento en todas las versiones hasta la 2.1.2 incluida. Esto se debe a que el complemento se basa en REQUEST_URI para determinar si la p\u00e1gina a la que se accede es un \u00e1rea de administraci\u00f3n. Esto permite que atacantes no autenticados omitan el modo de mantenimiento y accedan al sitio que puede considerarse confidencial cuando est\u00e1 en modo de mantenimiento."}], "id": "CVE-2024-1181", "lastModified": "2024-11-21T08:49:58.703", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-03-20T07:15:09.167", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis"}

{}

{}