CVE-2024-0789

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0789
The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass maintenance mode.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve
Configurations

No configuration.

History

08 Apr 2026, 18:18

Type Values Removed Values Added
CWE CWE-348

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3078682%40wp-maintenance%2Ftrunk&old=3069916%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail= -
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6bbaa1-c50f-4dad-9e5b-04bdffd4a0ae?source=cve -

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) El complemento WP Maintenance para WordPress es vulnerable a la suplantación de direcciones IP en todas las versiones hasta la 6.1.9.2 incluida debido a una validación insuficiente de la dirección IP y al uso de encabezados HTTP proporcionados por el usuario como método principal para la recuperación de IP. Esto hace posible que atacantes no autenticados eviten el modo de mantenimiento.

19 Jun 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-19 08:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-0789

Mitre link : CVE-2024-0789

CVE.ORG link : CVE-2024-0789

JSON object : View

Products Affected

No product.

CWE
CWE-348

Use of Less Trusted Source