Remote Code Execution Vulnerability in WP Maintenance Mode Plugin for WordPress
CVE-2018-20156

7.2 HIGH

Key Information:

Vendor: WordPress
CVE Published: 14 December 2018

Summary

The WP Maintenance Mode plugin prior to version 2.0.7 exposes a serious security flaw that allows remote authenticated site administrator users to execute arbitrary PHP code on a WordPress multisite network. This vulnerability enables an attacker with administrator access to manipulate the server environment, potentially leading to site takeover or further exploitation. It underscores the importance of maintaining updated plugin versions to mitigate security risks.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
