Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for Coming Soon Page, Under Construction & Maintenance Mode by SeedProd by SeedProd
CVE-2026-39464 (GCVE-0-2026-39464)
Vulnerability from nvd – Published: 2026-04-08 08:30 – Updated: 2026-04-14 15:19
VLAI?
Title
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
Severity ?
5.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.19.8
(custom)
|
Date Public ?
2026-04-08 10:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-39464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T15:19:11.234231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:19:39.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.19.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.19.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "timomangcut | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-08T10:28:56.840Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T08:30:06.040Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd plugin \u003c= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-39464",
"datePublished": "2026-04-08T08:30:06.040Z",
"dateReserved": "2026-04-07T10:41:57.169Z",
"dateUpdated": "2026-04-14T15:19:39.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27368 (GCVE-0-2026-27368)
Vulnerability from nvd – Published: 2026-02-19 20:35 – Updated: 2026-04-28 16:15
VLAI?
Title
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.19.8
(custom)
|
Date Public ?
2026-04-01 16:05
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T14:30:34.105909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:02:26.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.19.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.19.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Legion Hunter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:05:16.658Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:15:02.356Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd plugin \u003c= 6.19.8 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-27368",
"datePublished": "2026-02-19T20:35:42.391Z",
"dateReserved": "2026-02-19T09:51:54.220Z",
"dateUpdated": "2026-04-28T16:15:02.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24540 (GCVE-0-2025-24540)
Vulnerability from nvd – Published: 2025-01-27 14:22 – Updated: 2026-04-28 16:11
VLAI?
Title
WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.18.9.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.18.9
(custom)
|
Date Public ?
2026-04-01 16:33
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T15:37:10.021672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:12.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.18.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.18.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:33:55.683Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.18.9.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.18.9."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:11:27.685Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-plugin-6-18-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Website Builder by SeedProd plugin \u003c= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-24540",
"datePublished": "2025-01-27T14:22:15.109Z",
"dateReserved": "2025-01-23T14:50:05.373Z",
"dateUpdated": "2026-04-28T16:11:27.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47299 (GCVE-0-2024-47299)
Vulnerability from nvd – Published: 2024-10-06 11:42 – Updated: 2026-04-28 16:10
VLAI?
Title
WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.17.4.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.17.4
(custom)
|
Date Public ?
2026-04-01 16:27
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T13:06:07.044086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:08:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.18.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:27:43.842Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Stored XSS.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.17.4.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Stored XSS.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.17.4."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:18.358Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-6-17-4-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Website Builder by SeedProd \u003c= 6.17.4 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-47299",
"datePublished": "2024-10-06T11:42:29.400Z",
"dateReserved": "2024-09-24T13:00:11.338Z",
"dateUpdated": "2026-04-28T16:10:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32088 (GCVE-0-2024-32088)
Vulnerability from nvd – Published: 2024-04-15 09:06 – Updated: 2026-04-28 16:09
VLAI?
Title
WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
n/a , ≤ 6.15.20
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T13:13:16.070774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:52.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:43.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-plugin-6-15-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.15.21",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.15.20",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through 6.15.20.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through 6.15.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:33.682Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-plugin-6-15-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.15.21 or a higher version."
}
],
"value": "Update to 6.15.21 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Website Builder plugin \u003c= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32088",
"datePublished": "2024-04-15T09:06:52.696Z",
"dateReserved": "2024-04-10T19:18:42.398Z",
"dateUpdated": "2026-04-28T16:09:33.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39464 (GCVE-0-2026-39464)
Vulnerability from cvelistv5 – Published: 2026-04-08 08:30 – Updated: 2026-04-14 15:19
VLAI?
Title
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability
Summary
Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
Severity ?
5.5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.19.8
(custom)
|
Date Public ?
2026-04-08 10:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-39464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T15:19:11.234231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T15:19:39.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.19.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.19.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "timomangcut | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-08T10:28:56.840Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "Server Side Request Forgery"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T08:30:06.040Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd plugin \u003c= 6.19.8 - Server Side Request Forgery (SSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-39464",
"datePublished": "2026-04-08T08:30:06.040Z",
"dateReserved": "2026-04-07T10:41:57.169Z",
"dateUpdated": "2026-04-14T15:19:39.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27368 (GCVE-0-2026-27368)
Vulnerability from cvelistv5 – Published: 2026-02-19 20:35 – Updated: 2026-04-28 16:15
VLAI?
Title
WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 6.19.8 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.19.8
(custom)
|
Date Public ?
2026-04-01 16:05
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T14:30:34.105909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:02:26.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.19.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.19.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Legion Hunter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:05:16.658Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.19.8."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:15:02.356Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-coming-soon-page-under-construction-maintenance-mode-by-seedprod-plugin-6-19-7-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd plugin \u003c= 6.19.8 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-27368",
"datePublished": "2026-02-19T20:35:42.391Z",
"dateReserved": "2026-02-19T09:51:54.220Z",
"dateUpdated": "2026-04-28T16:15:02.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24540 (GCVE-0-2025-24540)
Vulnerability from cvelistv5 – Published: 2025-01-27 14:22 – Updated: 2026-04-28 16:11
VLAI?
Title
WordPress Website Builder by SeedProd plugin <= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.18.9.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.18.9
(custom)
|
Date Public ?
2026-04-01 16:33
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T15:37:10.021672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:12.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.18.10",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.18.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:33:55.683Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.18.9.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Cross Site Request Forgery.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.18.9."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:11:27.685Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-plugin-6-18-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Website Builder by SeedProd plugin \u003c= 6.18.9 - Cross Site Request Forgery (CSRF) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-24540",
"datePublished": "2025-01-27T14:22:15.109Z",
"dateReserved": "2025-01-23T14:50:05.373Z",
"dateUpdated": "2026-04-28T16:11:27.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47299 (GCVE-0-2024-47299)
Vulnerability from cvelistv5 – Published: 2024-10-06 11:42 – Updated: 2026-04-28 16:10
VLAI?
Title
WordPress Website Builder by SeedProd <= 6.17.4 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Stored XSS.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.17.4.
Severity ?
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
0 , ≤ 6.17.4
(custom)
|
Date Public ?
2026-04-01 16:27
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T13:06:07.044086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T13:08:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.18.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:27:43.842Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Stored XSS.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.17.4.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd coming-soon allows Stored XSS.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through \u003c= 6.17.4."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:18.358Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-6-17-4-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Website Builder by SeedProd \u003c= 6.17.4 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-47299",
"datePublished": "2024-10-06T11:42:29.400Z",
"dateReserved": "2024-09-24T13:00:11.338Z",
"dateUpdated": "2026-04-28T16:10:18.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-32088 (GCVE-0-2024-32088)
Vulnerability from cvelistv5 – Published: 2024-04-15 09:06 – Updated: 2026-04-28 16:09
VLAI?
Title
WordPress Website Builder plugin <= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.15.20.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SeedProd | Coming Soon Page, Under Construction & Maintenance Mode by SeedProd |
Affected:
n/a , ≤ 6.15.20
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T13:13:16.070774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:50:52.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:43.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-plugin-6-15-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "coming-soon",
"product": "Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd",
"vendor": "SeedProd",
"versions": [
{
"changes": [
{
"at": "6.15.21",
"status": "unaffected"
}
],
"lessThanOrEqual": "6.15.20",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd.\u003cp\u003eThis issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through 6.15.20.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd.This issue affects Coming Soon Page, Under Construction \u0026 Maintenance Mode by SeedProd: from n/a through 6.15.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:33.682Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/coming-soon/wordpress-website-builder-plugin-6-15-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 6.15.21 or a higher version."
}
],
"value": "Update to 6.15.21 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Website Builder plugin \u003c= 6.15.20 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32088",
"datePublished": "2024-04-15T09:06:52.696Z",
"dateReserved": "2024-04-10T19:18:42.398Z",
"dateUpdated": "2026-04-28T16:09:33.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}