CVE-2024-38756
📋 TL;DR
This vulnerability in the Weblizar Coming Soon WordPress plugin allows unauthorized actors to access sensitive information due to improper access control restrictions. It affects all versions up to 1.6.3, potentially exposing confidential data to attackers without authentication.
💻 Affected Systems
- Weblizar Coming Soon (WordPress plugin)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive configuration data, user information, or system details that could facilitate further attacks like privilege escalation or data theft.
Likely Case
Unauthenticated users accessing exposed plugin configuration data, potentially revealing site structure or settings that could aid reconnaissance.
If Mitigated
With proper access controls and network segmentation, impact would be limited to information disclosure without direct system compromise.
🎯 Exploit Status
CWE-200 vulnerabilities typically involve simple HTTP requests to exposed endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.6.3
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Coming Soon' plugin. 4. Click 'Update Now' if available. 5. If no update available, deactivate and remove plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
allDeactivate the Coming Soon plugin until patched version is available
Web Application Firewall rule
allBlock access to vulnerable plugin endpoints
# Example WAF rule to block requests to /wp-content/plugins/responsive-coming-soon-page/
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access the WordPress site
- Deploy a web application firewall with rules to detect and block sensitive data exposure attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Coming Soon' plugin version 1.6.3 or earlierCheck Version:
wp plugin list --name='coming-soon' --field=versionVerify Fix Applied:
Verify plugin version is higher than 1.6.3 or plugin is removed📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to /wp-content/plugins/responsive-coming-soon-page/ endpoints
- Multiple 200 responses to plugin-specific URLs from unauthenticated users
Network Indicators:
- HTTP requests to plugin-specific paths without authentication
- Responses containing sensitive data like configuration or user information
SIEM Query:
source="web_logs" AND (uri="/wp-content/plugins/responsive-coming-soon-page/*" OR user_agent LIKE "%scanner%") AND response_code=200