Server-Side Request Forgery Vulnerability in SeedProd Coming Soon Page by SeedProd
CVE-2026-39464

5.5MEDIUM

Key Information:

Vendor: WordPress
Status: Coming Soon Page, Under Construction & Maintenance Mode By Seedprod
Vendor: CVE Published:; 8 April 2026

What is CVE-2026-39464?

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Coming Soon Page, Under Construction & Maintenance Mode plugin by SeedProd. This vulnerability allows an attacker to send unauthorized requests from the server, potentially leading to leakage of sensitive information or interaction with internal services. The affected versions range from an unspecified version up to 6.19.8, necessitating immediate updates to protect against exploitation.

Affected Version(s)

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd 0 <= 6.19.8

References

https://patchstack.com/database/Wordpress/Plugin/coming-s...

vdb-entry

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

timomangcut | Patchstack Bug Bounty Program

CVE-2026-39464 Data

JSON