CVE-2025-10638

MEDIUM 5.3

NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export

CVSS Score

5.3

EPSS Score

0.1%

EPSS Percentile

21th

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address

Vendor	unknown
Product	ns maintenance mode for wp
Published	Oct 22, 2025
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for unknown ns maintenance mode for wp

Be the first to know when new medium vulnerabilities affecting unknown ns maintenance mode for wp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / NS Maintenance Mode for WP

0 ≤ 1.3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/1998a079-d986-47fe-907f-d4d295b06603/

Credits

Khaled Alenazi (Nxploited) WPScan