cleantalk
Vulnerabilities and Security Researches

CMP – Coming Soon & Maintenance Plugin by NiteoThemes, CVE-2020-36730

CVE, Research URL

CVE-2020-36730

Home page URL

Security reports for CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Application

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Published on
Jun 07, 2023
Research Description
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.
Affected versions
max 3.8.2.
Status
vulnerable
Previous vulnerability researches
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2025-32118) , Apr 06, 2025
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2023-1263) , Jun 07, 2024
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2023-2159) , Jun 07, 2024
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2022-0188) , Jun 07, 2024
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2026-6518) , Apr 19, 2026
New vulnerability
Kubio AI Page Builder (CVE-2026-5427) , Apr 20, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-3330) , Apr 20, 2026
Sell Photo (2ce065d802b631a3fa4492d5366f0ffc4e0ee37b) , Apr 19, 2026
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2026-6518) , Apr 19, 2026
Pz-LinkCard (CVE-2026-2434) , Apr 19, 2026