GCVE - cpe:2.3:a:themeisle:lightstart_–_maintenance_mode,_coming_soon_and_landing_page

Approved changes feed: RSS · Atom

cpe:2.3:a:themeisle:lightstart_–_maintenance_mode,_coming_soon_and_landing_page_builder:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themeisle (`952ca4ef-81b0-5b76-b2cc-d8cf654b2d29`)
Product	Lightstart – Maintenance Mode, Coming Soon And Landing Page Builder (`c1503912-3502-5979-b883-89395832ddb6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1047`	vulnerable	2026-06-03 14:54:26.025987	ThemeIsle SDK <= Various Versions - Missing Authorization MEDIUM (5.3) Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_source. Published: 2024-02-02T05:33:14.536Z Updated: 2026-04-08T16:56:47.195Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175 https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040302%40templates-patterns-collection&new=3040302%40templates-patterns-collection&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-7019`	vulnerable	2026-06-03 14:53:59.571549	LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization MEDIUM (4.3) The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs. Published: 2024-01-11T08:32:53.047Z Updated: 2026-04-08T17:17:12.149Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=cve https://plugins.trac.wordpress.org/changeset/3013229/wp-maintenance-mode/trunk/includes/classes/wp-maintenance-mode-admin.php?contextall=1&old=2922691&old_path=%2Fwp-maintenance-mode%2Ftrunk%2Fincludes%2Fclasses%2Fwp-maintenance-mode-admin.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Lightstart – Maintenance Mode, Coming Soon And Landing Page Builder

PURL mappings

Vulnerability references

Contribute