Approved changes feed: RSS · Atom

cpe:2.3:a:themegrill:maintenance_page:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorThemegrill (bf7edc03-edd7-5596-8b98-c66d683c388f)
ProductMaintenance Page (26279c2c-a734-5466-b225-fbdf21beaf5c)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-1462 vulnerable 2026-06-08 06:25:40.137705 Maintenance Page <= 1.0.8 - Security Mechanism Bypass via REST API
MEDIUM (5.3)
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.
Published: 2024-03-13T15:26:53.894Z
Updated: 2026-04-08T16:57:45.419Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1370 vulnerable 2026-06-08 06:25:39.930324 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure
MEDIUM (5.3)
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.
Published: 2024-03-13T15:26:36.831Z
Updated: 2026-04-08T16:41:06.670Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.