Vulnerabilities and security researches forultimate-coming-soon ultimate-coming-soon
Direction: descendingJan 26, 2025
Ultimate Coming Soon & Maintenance # CVE-2025-24546
- CVE, Research URL
- Application
- Date
- Jan 24, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Ultimate Coming Soon & Maintenance # CVE-2025-24543
- CVE, Research URL
- Application
- Date
- Jan 24, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Dec 07, 2024
Ultimate Coming Soon & Maintenance # CVE-2024-9706
- CVE, Research URL
- Application
- Date
- Dec 06, 2024
- Research Description
- The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Ultimate Coming Soon & Maintenance # CVE-2024-9705
- CVE, Research URL
- Application
- Date
- Dec 06, 2024
- Research Description
- The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable