VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Apr 17, 2026

CMP – Coming Soon & Maintenance Plugin by NiteoThemes Vulnerabilities

Review known vulnerability records for the WordPress plugin CMP – Coming Soon & Maintenance Plugin by NiteoThemes (`cmp-coming-soon-maintenance`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-6518, CVE-2025-32118 and CVE-2023-50374, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
3
Patch Coverage
100%
Last Updated
Apr 17, 2026
Priority CVE Quick Links

Fast paths into CMP – Coming Soon & Maintenance Plugin by NiteoThemes CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
7
CVE-2026-6518 High 4.1.17
CVE-2026-6518 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Remote Code Execution

CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution

CVE-2020-36730 High 3.8.2
CVE-2020-36730 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Authorization Bypass

CMP <= 3.8.1 - Missing Authorization

CVE-2025-32118 High 4.1.15
CVE-2025-32118 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Remote Code Execution

CMP – Coming Soon & Maintenance <= 4.1.13 - Authenticated (Admin+) Arbitrary File Upload

CVE-2023-50374 Medium 4.1.11
CVE-2023-50374 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Server-Side Request Forgery

CMP – Coming Soon & Maintenance <= 4.1.10 - Authenticated (Admin+) Server-Side Request Forgery

CVE-2023-2159 Medium 4.1.8
CVE-2023-2159 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Vulnerability

CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass

CVE-2023-1263 Medium 4.1.7
CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Vulnerability

CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure

CVE-2022-0188 Medium 4.0.19
CVE-2022-0188 CMP – Coming Soon & Maintenance Plugin by NiteoThemes Vulnerability

CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for CMP – Coming Soon & Maintenance Plugin by NiteoThemes so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 3 high severity findings.
Recent CVEs
CVE-2026-6518, CVE-2025-32118 and CVE-2023-50374
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for CMP – Coming Soon & Maintenance Plugin by NiteoThemes

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2026-6518
CVE-2026-6518: CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.16 - Missing Authorization to Authenticated (Administrator+) Arbitrary File Upload and Remote Code Execution

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cmp_theme_update_install` AJAX action. This is due to the function only checking f...

Published
Apr 17, 2026
Patched Release
4.1.17
Affected Versions
Versions up to 4.1.16
Next Step
Update to 4.1.17 or newer if supported.
Open CVE-2026-6518 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-32118
CVE-2025-32118: CMP – Coming Soon & Maintenance <= 4.1.13 - Authenticated (Admin+) Arbitrary File Upload

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.1.13. This makes it possible for authenticated attackers, with Administrator-level ac...

Published
Apr 04, 2025
Patched Release
4.1.15
Affected Versions
Versions up to 4.1.13
Next Step
Update to 4.1.15 or newer if supported.
Open CVE-2025-32118 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-50374
CVE-2023-50374: CMP – Coming Soon & Maintenance <= 4.1.10 - Authenticated (Admin+) Server-Side Request Forgery

The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.10. This makes it possible for authenticated attackers, with administrator-level access and above, to make web req...

Published
Mar 27, 2024
Patched Release
4.1.11
Affected Versions
Versions up to 4.1.10
Next Step
Update to 4.1.11 or newer if supported.
Open CVE-2023-50374 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-2159
CVE-2023-2159: CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Maintenance Mode Bypass in versions up to, and including, 4.1.7. A correct cmp_bypass GET parameter in the URL (equal to the md5-hashed home_url in the default setting) allows users to visit a site placed i...

Published
Apr 18, 2023
Patched Release
4.1.8
Affected Versions
Versions up to 4.1.7
Next Step
Update to 4.1.8 or newer if supported.
Open CVE-2023-2159 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-1263
CVE-2023-1263: CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure

The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published...

Published
Mar 07, 2023
Patched Release
4.1.7
Affected Versions
Versions up to 4.1.6
Next Step
Update to 4.1.7 or newer if supported.
Open CVE-2023-1263 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-0188
CVE-2022-0188: CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.

Published
Jan 17, 2022
Patched Release
4.0.19
Affected Versions
Versions before 4.0.19
Next Step
Update to 4.0.19 or newer if supported.
Open CVE-2022-0188 Report Open CVE Reference
Plugin High Patched: Yes CVE-2020-36730
CVE-2020-36730: CMP <= 3.8.1 - Missing Authorization

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attacker...

Published
Aug 04, 2020
Patched Release
3.8.2
Affected Versions
Versions up to 3.8.1
Next Step
Update to 3.8.2 or newer if supported.
Open CVE-2020-36730 Report Open CVE Reference