cleantalk
Vulnerabilities and Security Researches

CMP – Coming Soon & Maintenance Plugin by NiteoThemes, CVE-2023-2159

CVE, Research URL

CVE-2023-2159

Home page URL

Security reports for CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Application

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Published on
Jun 09, 2023
Research Description
The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed in maintenance mode thus bypassing the plugin's provided feature.
Affected versions
max 4.1.8.
Status
vulnerable
Previous vulnerability researches
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2025-32118) , Apr 06, 2025
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2023-1263) , Jun 07, 2024
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2023-2159) , Jun 07, 2024
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2022-0188) , Jun 07, 2024
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2026-6518) , Apr 19, 2026
New vulnerability
Kubio AI Page Builder (CVE-2026-5427) , Apr 20, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-3330) , Apr 20, 2026
Sell Photo (2ce065d802b631a3fa4492d5366f0ffc4e0ee37b) , Apr 19, 2026
CMP – Coming Soon & Maintenance Plugin by NiteoThemes (CVE-2026-6518) , Apr 19, 2026
Pz-LinkCard (CVE-2026-2434) , Apr 19, 2026