CVE-2024-1462
Maintenance Page <= 1.0.8 - Security Mechanism Bypass via REST API
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.
| CWE | CWE-284 |
| Vendor | themegrill |
| Product | maintenance page |
| Published | Mar 13, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for themegrill maintenance page
Be the first to know when new medium vulnerabilities affecting themegrill maintenance page are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
themegrill / Maintenance Page
0 โค 1.0.8
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/653bf021-370d-4787-9ded-c5c915aed1d6?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=
Credits
Francesco Carlucci