🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

Information

Software Type	Plugin
Software Slug	wp-maintenance-mode (view on wordpress.org)
Software Status	Active
Software Author	themeisle
Software Downloads	16,227,991
Software Active Installs	700,000
Software Record Last Updated	May 9, 2024

7 Vulnerabilities

ThemeIsle SDK <= Various Versions - Missing Authorization

5.3

CVE-2024-1047

Feb 1, 2024

Researcher: Francesco Carlucci

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization

4.3

CVE-2023-7019

Jan 5, 2024

Researcher: Lucio Sá

WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery

8.8

CVE-2022-1576

Jun 20, 2022

Researcher: Daniel Ruf

WP Maintenance Mode <= 2.0.6 - Remote Code Execution

9.1

CVE-2018-20156

Dec 14, 2018

Researcher: Sean Murphy

WP Maintenance Mode <= 2.0.6 - Missing Authorization

5.4

CVE-2018-20155

Jul 6, 2016

Researcher: Sean Murphy

WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure

4.3

CVE-2018-20154

Jul 6, 2016

Researchers:

WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery

5.4

CVE-2013-3250

Jun 5, 2013

Researchers:

Title	CVE ID	CVSS	Researchers	Date
ThemeIsle SDK <= Various Versions - Missing Authorization	CVE-2024-1047	5.3	Francesco Carlucci	February 1, 2024
LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization	CVE-2023-7019	4.3	Lucio Sá	January 5, 2024
WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery	CVE-2022-1576	8.8	Daniel Ruf	June 20, 2022
WP Maintenance Mode <= 2.0.6 - Remote Code Execution	CVE-2018-20156	9.1	Sean Murphy	December 14, 2018
WP Maintenance Mode <= 2.0.6 - Missing Authorization	CVE-2018-20155	5.4	Sean Murphy	July 6, 2016
WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure	CVE-2018-20154	4.3		July 6, 2016
WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery	CVE-2013-3250	5.4		June 5, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation