Vulnerabilities and security researches forwp-maintenance-mode-site-under-construction wp-maintenance-mode-site-under-construction
Direction: ascendingJun 07, 2024
WP Maintenance Mode & Site Under Construction # CVE-2021-24193
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24190
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24192
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24195
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24194
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24191
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24188
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
WP Maintenance Mode & Site Under Construction # CVE-2021-24189
- CVE, Research URL
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 15, 2025
WP Maintenance Mode & Site Under Construction # CVE-2025-49284
- CVE, Research URL
- Date
- Jun 06, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable