Filtered by vendor Rstheme
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24546 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-09 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | |||||
| CVE-2025-24543 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-09 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in RSTheme Ultimate Coming Soon & Maintenance allows Cross Site Request Forgery. This issue affects Ultimate Coming Soon & Maintenance: from n/a through 1.0.9. | |||||
| CVE-2024-9706 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-05 | N/A | 5.3 MEDIUM |
| The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. | |||||
| CVE-2024-9705 | 1 Rstheme | 1 Ultimate Coming Soon \& Maintenance | 2025-06-05 | N/A | 4.3 MEDIUM |
| The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates. | |||||