🦸 👻 Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024, all in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are in-scope for ALL researchers, top-tier researchers earn automatic bonuses of between 10% to 120% for valid submissions, pending report limits are increased for all, and it's possible to earn up to $31,200 for high impact vulnerabilities!

Review what's in scope for your tier and updated bounties with bonuses here!

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

Information

Software Type	Plugin
Software Slug	coming-soon (view on wordpress.org)
Software Status	Active
Software Author	seedprod
Software Website	www.seedprod.com
Software Downloads	26,332,769
Software Active Installs	800,000
Software Record Last Updated	October 20, 2024

5 Vulnerabilities

Submit a Vulnerability

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.17.4 - Authenticated (Editor+) Stored Cross-Site Scripting

4.4

CVE-2024-47299

Sep 24, 2024

Researcher: João Pedro Soares de Alcântara

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.15.20 - Cross-Site Request Forgery to Notice Dismissal

4.3

CVE-2024-32088

Apr 11, 2024

Researcher: Dhabaleshwar Das

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage

8.2

CVE-2024-1072

Jan 31, 2024

Researcher: Lucio Sá

Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-4975

Sep 18, 2023

Researcher: Marco Wotschka

Coming Soon Page by SeedProd <= 5.1.1 - Authenticated Stored Cross-Site Scripting

6.4

CVE-2020-15038

Jun 25, 2020

Researcher: Jinson Varghese Behanan

Title	Status	CVE ID	CVSS	Researchers	Date
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.17.4 - Authenticated (Editor+) Stored Cross-Site Scripting	Patched	CVE-2024-47299	4.4	João Pedro Soares de Alcântara	September 24, 2024
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.15.20 - Cross-Site Request Forgery to Notice Dismissal	Patched	CVE-2024-32088	4.3	Dhabaleshwar Das	April 11, 2024
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage	Patched	CVE-2024-1072	8.2	Lucio Sá	January 31, 2024
Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update	Patched	CVE-2023-4975	4.3	Marco Wotschka	September 18, 2023
Coming Soon Page by SeedProd <= 5.1.1 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2020-15038	6.4	Jinson Varghese Behanan	June 25, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation