SB2020080405 - Multiple vulnerabilities in CMP – Coming Soon & Maintenance Plugin for WordPress

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "cmp_get_post_detail" AJAX action. A remote attacker can bypass implemented security restrictions and view any post or page, including those that are marked as draft, pending, private or even password-protected.

2) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "niteo_export_csv" AJAX action. A remote authenticated attacker can bypass implemented security restrictions and download the plugin’s subscribers list which includes email addresses and names.

3) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the "cmp_disable_comingsoon_ajax" AJAX action. A remote attacker can bypass implemented security restrictions and desable the target plugin.

Remediation

Install update from vendor's website.

References

• https://wpvulndb.com/vulnerabilities/10341/
• https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-cmp-coming-soon-and-maintenance-plugin/