Aitasi Coming Soon Security & Risk Analysis

wordpress.org/plugins/aitasi-coming-soon

Aitasi Coming Soon - A fully Responsive coming soon landing page and install in your WordPress site quickly and easily.

1K active installs v2.0.2 PHP + WP 4.0+ Updated Jan 25, 2024
coming-sooncoming-soon-pageconstructionlanding-pagelaunch
63
C · Use Caution
CVEs total1
Unpatched1
Last CVESep 5, 2025
Safety Verdict

Is Aitasi Coming Soon Safe to Use in 2026?

Use With Caution

Score 63/100

Aitasi Coming Soon has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Sep 5, 2025Updated 2yr ago
Risk Assessment

The 'aitasi-coming-soon' v2.0.2 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query handling with 100% prepared statements and includes nonce and capability checks, significant concerns arise from its attack surface and code signals. The presence of an unprotected AJAX handler is a critical vulnerability, as it represents a direct entry point for malicious actors. Furthermore, the use of dangerous functions like 'unserialize' and 'create_function' raises red flags, especially in conjunction with the taint analysis indicating flows with unsanitized paths. This combination suggests a high risk of code injection or deserialization vulnerabilities if user-supplied data can influence these functions.

The vulnerability history, though showing only one medium-severity CVE, is concerning due to its recent discovery date (2025-09-05) and the fact that it remains unpatched. The common vulnerability type being 'Deserialization of Untrusted Data' directly aligns with the 'unserialize' function identified in the static analysis. This historical pattern strongly suggests a recurring weakness that needs immediate attention. The low percentage of properly escaped output (7%) further amplifies the risk, increasing the likelihood of cross-site scripting (XSS) attacks, especially when combined with the unprotected entry points.

In conclusion, despite some positive security implementations, the 'aitasi-coming-soon' v2.0.2 plugin has critical security weaknesses. The unprotected AJAX handler, use of dangerous functions, unsanitized taint flows, and an unpatched deserialization vulnerability pose a significant threat. The poorly escaped output exacerbates these risks. Immediate patching of the known CVE and a thorough review and remediation of the identified code signals and attack surface are strongly recommended.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize
  • Dangerous function: create_function
  • Flows with unsanitized paths
  • Low output escaping percentage
  • Unpatched CVE (medium severity)
  • Vulnerability history: Deserialization
Vulnerabilities
1 published

Aitasi Coming Soon Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-58815medium · 6.6Deserialization of Untrusted Data

Aitasi Coming Soon <= 2.0.2 - Authenticated (Administrator+) PHP Object Injection

Sep 5, 2025Unpatched
Version History

Aitasi Coming Soon Release Timeline

v2.0.11 CVE
v2.01 CVE
v1.0.21 CVE
v1.0.11 CVE
v1.01 CVE
Code Analysis
Analyzed Mar 16, 2026

Aitasi Coming Soon Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
218
16 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserializereturn unserialize( gzuncompress( stripslashes( call_user_func( 'base'. '64' .'_decode', rtrim( strtadmin\codestar-framework\functions\helpers.php:84
create_function$callback = create_function( '', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";'admin\settings.php:115

Bundled Libraries

jQuery

Output Escaping

7% escaped234 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths
admin_page (admin\codestar-framework\classes\framework.class.php:330)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Aitasi Coming Soon Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_cs-get-iconsadmin\codestar-framework\functions\actions.php:44
WordPress Hooks 26
actioninitadmin\codestar-framework\cs-framework.php:77
actionadmin_footeradmin\codestar-framework\functions\actions.php:64
actioncustomize_controls_print_footer_scriptsadmin\codestar-framework\functions\actions.php:65
actionadmin_enqueue_scriptsadmin\codestar-framework\functions\enqueue.php:39
filtercs_sanitize_textadmin\codestar-framework\functions\sanitize.php:14
filtercs_sanitize_textareaadmin\codestar-framework\functions\sanitize.php:32
filtercs_sanitize_checkboxadmin\codestar-framework\functions\sanitize.php:58
filtercs_sanitize_switcheradmin\codestar-framework\functions\sanitize.php:59
filtercs_sanitize_image_selectadmin\codestar-framework\functions\sanitize.php:88
filtercs_sanitize_groupadmin\codestar-framework\functions\sanitize.php:104
filtercs_sanitize_titleadmin\codestar-framework\functions\sanitize.php:119
filtercs_sanitize_cleanadmin\codestar-framework\functions\sanitize.php:134
filtercs_validate_emailadmin\codestar-framework\functions\validate.php:18
filtercs_validate_numericadmin\codestar-framework\functions\validate.php:37
filtercs_validate_requiredadmin\codestar-framework\functions\validate.php:54
filtercs_framework_settingsadmin\inc\configstar.php:30
filtercs_framework_optionsadmin\inc\configstar.php:265
actionadmin_initadmin\options.php:11
actionadmin_menuadmin\options.php:12
actionadmin_enqueue_scriptsadmin\settings.php:28
actionplugins_loadedaitasi.php:21
actionadmin_enqueue_scriptsaitasi.php:54
actiontemplate_redirectaitasi.php:81
actionadmin_initaitasi.php:120
actionwp_headincludes\color-customize.php:52
actionwp_enqueue_scriptsincludes\functions.php:30
Maintenance & Trust

Aitasi Coming Soon Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedJan 25, 2024
PHP min version
Downloads44K

Community Trust

Rating92/100
Number of ratings12
Active installs1K
Developer Profile

Aitasi Coming Soon Developer Profile

Rubel Miah

1 plugin · 1K total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Aitasi Coming Soon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aitasi-coming-soon/admin/inc/admin-scripts.js/wp-content/plugins/aitasi-coming-soon/admin/inc/jquery-ui.css
Script Paths
/wp-content/plugins/aitasi-coming-soon/admin/codestar-framework/cs-framework.php

HTML / DOM Fingerprints

CSS Classes
aitasi-coming-soon-body
HTML Comments
<!-- aitasi coming soon & maintenance mode by ShapedPlugin --><!-- End ITASi Coming Soon & Maintenance Mode --><!-- End Aitasi coming soon & maintenance mode --><!-- End Coming Soon & Maintenance Mode -->+3 more
Data Attributes
data-aitasi-coming-soon
JS Globals
aitasi_coming_soon_options
FAQ

Frequently Asked Questions about Aitasi Coming Soon