What is CVE-2022-0164?

CVE-2022-0164 is a vulnerability in the Coming soon and Maintenance mode WordPress plugin that allows authenticated users to send arbitrary emails to all subscribed users.

What is the severity of CVE-2022-0164?

CVE-2022-0164 has a severity level of medium, with a severity value of 4.3.

How does CVE-2022-0164 affect the Coming soon and Maintenance mode WordPress plugin?

CVE-2022-0164 affects the Coming soon and Maintenance mode WordPress plugin version up to and exclusive to 3.5.3.

Are there any fixes or patches available for CVE-2022-0164?

Yes, a fix for CVE-2022-0164 is available in version 3.5.3 of the Coming soon and Maintenance mode WordPress plugin.

Where can I find more information about CVE-2022-0164?

You can find more information about CVE-2022-0164 at the following references: [Reference 1](https://plugins.trac.wordpress.org/changeset/2655973), [Reference 2](https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51).

Vulnerability/
CVE-2022-0164

medium

4.3

CWE

352 862

21/2/2022

2/8/2024

CVE-2022-0164: Coming soon and Maintenance mode < 3.6.7 - Subscriber+ Arbitrary Email Sending to Subscribed Users

First published: Mon Feb 21 2022(Updated: )

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users

Credit: contact@wpscan.com contact@wpscan.com

Affected Software	Affected Version	How to fix
Wpdevart Coming Soon And Maintenance Mode	<3.5.3

Remedy

https://plugins.trac.wordpress.org/changeset/2655973

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-0164?
CVE-2022-0164 is a vulnerability in the Coming soon and Maintenance mode WordPress plugin that allows authenticated users to send arbitrary emails to all subscribed users.
What is the severity of CVE-2022-0164?
CVE-2022-0164 has a severity level of medium, with a severity value of 4.3.
How does CVE-2022-0164 affect the Coming soon and Maintenance mode WordPress plugin?
CVE-2022-0164 affects the Coming soon and Maintenance mode WordPress plugin version up to and exclusive to 3.5.3.
Are there any fixes or patches available for CVE-2022-0164?
Yes, a fix for CVE-2022-0164 is available in version 3.5.3 of the Coming soon and Maintenance mode WordPress plugin.
Where can I find more information about CVE-2022-0164?
You can find more information about CVE-2022-0164 at the following references: [Reference 1](https://plugins.trac.wordpress.org/changeset/2655973), [Reference 2](https://wpscan.com/vulnerability/942535f9-73bf-4467-872a-20075f03bc51).

collector/nvd-api
collector/nvd-index
agent/type
agent/softwarecombine
agent/references
agent/author
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/last-modified-date
agent/weakness
agent/title
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/wpdevart
canonical/wpdevart coming soon and maintenance mode

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.