cleantalk
Vulnerabilities and Security Researches

Maintenance & Coming Soon Redirect Animation, CVE-2024-9503

CVE, Research URL

CVE-2024-9503

Home page URL

Security reports for Maintenance & Coming Soon Redirect Animation

Application

Maintenance & Coming Soon Redirect Animation

Published on
Dec 20, 2024
Research Description
The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings.
Affected versions
Min -, max 2.3.0.
Status
vulnerable
Previous vulnerability researches
Maintenance & Coming Soon Redirect Animation (CVE-2024-9503) , Dec 21, 2024
Maintenance & Coming Soon Redirect Animation (CVE-2024-43944) , Aug 29, 2024
New vulnerability
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025