CVE-2020-6167

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 08, 2020
Published Date: January 09, 2020
Last Updated: August 04, 2024
Vendor: WordPress
Product: Minimal Coming Soon & Maintenance Mode plugin
Description: A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.
Tags

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v3.0

9.6 - CRITICAL

Vector: CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R

CVSS v2.0

6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Score

Score: 0.73% (Percentile: 71.44%) as of 2025-05-12

Exploit Status

Exploited in the Wild: Yes (2020-01-08 11:25:14 UTC) Source

References

https://wpvulndb.com/vulnerabilities/10007 https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers https://www.wordfence.com/blog/2020/01/multiple-vulnerabilities-patched-in-minimal-coming-soon-maintenance-mode-coming-soon-page-plugin/

Known Exploited Vulnerability Information

Source	Added Date
Wordfence	2020-01-08 11:25:14 UTC

Timeline

CVE ID Reserved

January 08, 2020
Added to KEVIntel

January 08, 2020
CVE Published to Public

January 09, 2020