CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Vulnerabilities 14Slug cmp-coming-soon-maintenanceLatest version 4.1.17WordPress.org →

Minimum safe version

4.1.17

Update to 4.1.17 or later to address 14 fixable vulnerabilities

Latest available4.1.17 ✓

High 8.8

2026-04-18< 4.1.17

CVE-2026-6518

CVE Wordfence

Critical 9.1

2025-04-04< 4.1.15

CVE-2025-32118

CVE Patchstack Wordfence EUVD

Medium 5.5

2024-03-28< 4.1.11

CVE-2023-50374

CVE Wordfence Patchstack WPScan

High 8.3

2023-06-07< 3.8.2

CVE-2020-36730

CVE

Medium 5.3

2023-06-09< 4.1.8

CVE-2023-2159

CVE Patchstack Wordfence WPScan

Medium 5.3

2023-03-08< 4.1.7

WordPress CMP – Coming Soon & Maintenance Plugin <= 4.1.6 is vulnerable to Sensitive Data Exposure

Patchstack CVE Wordfence WPScan

N/A

2020-08-04< 3.8.2

CMP <= 3.8.1 - Missing Authorization

Wordfence

N/A

< 3.8.2

CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls

WPScan

N/A

2020-08-04< 3.8.2

WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Plugin Deactivation vulnerability

Patchstack

N/A

2020-08-04< 3.8.2

WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Unauthenticated Subscribers List Export vulnerability

Patchstack

N/A

2020-08-04< 3.8.2

WordPress CMP – Coming Soon & Maintenance plugin <= 3.8.1 - Arbitrary Post Read (draft, pending, private or even password-protected) vulnerability

Patchstack

N/A

2021-05-02< 4.0.10

WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2021-05-02< 4.0.10

WordPress CMP – Coming Soon & Maintenance plugin <= 4.0.9 - Authenticated Remote Code Execution (RCE) vulnerability

Patchstack

Medium 5.3

2022-02-14< 4.0.19

CVE-2022-0188

CVE Patchstack Wordfence WPScan