cve/2019/CVE-2019-25139.md

### [CVE-2019-25139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25139)
![](https://img.shields.io/static/v1?label=Product&message=Coming%20Soon%20Page%20%26%20Maintenance%20Mode&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.8.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)

### Description

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.

### POC

#### Reference
- https://blog.nintechnet.com/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin/

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-25139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25139)`
			`![](https://img.shields.io/static/v1?label=Product&message=Coming%20Soon%20Page%20%26%20Maintenance%20Mode&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.8.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen)`

			`### Description`

			`The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settings reset in versions up to, and including 1.8.1 due to missing capability checks in the ~/functions/data-reset-post.php file which makes it possible for unauthenticated attackers to trigger a plugin settings reset.`

			`### POC`

			`#### Reference`
			`- https://blog.nintechnet.com/unauthenticated-stored-xss-in-wordpress-coming-soon-page-and-maintenance-mode-plugin/`

			`#### Github`
			`No PoCs found on GitHub currently.`