Does Coming Soon Master have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Coming Soon Master compatible with WordPress 5.3.21?

According to WordPress.org data, Coming Soon Master 1.3.5 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

How often is Coming Soon Master updated?

Coming Soon Master was last updated on Mar 12, 2020. Frequent updates are generally a positive security signal.

What is Coming Soon Master's security score?

Coming Soon Master has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Coming Soon Master Security & Risk Analysis

wordpress.org/plugins/coming-soon-master

Coming Soon Master plugin is modern and responsive coming soon, under construction & maintenance plugin to manage your website while it's und …

70 active installs v1.3.5 PHP + WP 3.5+ Updated Mar 12, 2020

coming-sooncoming-soon-pagelaunch-pagemaintenance-modeunder-construction

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Coming Soon Master Safe to Use in 2026?

Generally Safe

Score 85/100

Coming Soon Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The plugin "coming-soon-master" v1.3.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and not performing file operations or external HTTP requests. The absence of known CVEs and a clean vulnerability history are also strong indicators of a relatively well-maintained and secure codebase. However, significant concerns arise from the static analysis.

The presence of 16 dangerous function calls, notably `unserialize`, introduces a potential risk if untrusted data is passed to it without proper sanitization, although no critical or high-severity taint flows were identified in the limited analysis. A major area of concern is the attack surface, with 7 AJAX handlers identified, one of which lacks any authentication checks. This unprotected entry point could be exploited by unauthenticated users to trigger unintended actions.

Furthermore, only 49% of output is properly escaped, leaving a considerable portion vulnerable to Cross-Site Scripting (XSS) attacks if dynamic content is rendered without sufficient sanitization. The limited number of nonce checks (3) relative to the AJAX handlers also suggests potential weaknesses in protecting against Cross-Site Request Forgery (CSRF) attacks. While the plugin has a good track record regarding historical vulnerabilities, the current findings point to areas that require immediate attention to maintain a strong security posture.

Key Concerns

AJAX handler without auth checks
Dangerous function (unserialize) used
Less than 100% output properly escaped
Limited nonce checks relative to entry points

Vulnerabilities

None known

Coming Soon Master Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Coming Soon Master Release Timeline

v1.3.5Current

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3

v1.2

v1.0

Code Analysis

Analyzed Mar 16, 2026

Coming Soon Master Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

110

106 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$csm_plugin_settings_newsletter = unserialize(get_option('csm_plugin_settings_newsletter'));coming-soon-master.php:106

unserialize$csm_dashboard = unserialize(get_option('csm_plugin_settings_dashboard'));functions\get-save-data.php:11

unserialize$csm_templates = unserialize(get_option('csm_plugin_settings_templates'));functions\get-save-data.php:32

unserialize$csm_seo = unserialize(get_option('csm_plugin_settings_seo'));functions\get-save-data.php:55

unserialize$csm_page_settings = unserialize(get_option('csm_plugin_settings_page_settings'));functions\get-save-data.php:76

unserialize$csm_countdown = unserialize(get_option('csm_plugin_settings_countdown'));functions\get-save-data.php:102

unserialize$csm_button = unserialize(get_option('csm_plugin_settings_button'));functions\get-save-data.php:126

unserialize$csm_basic_styling = unserialize(get_option('csm_plugin_settings_basic_styling'));functions\get-save-data.php:144

unserialize$csm_about_us = unserialize(get_option('csm_plugin_settings_about_us'));functions\get-save-data.php:163

unserialize$csm_contact_us = unserialize(get_option('csm_plugin_settings_contact_us'));functions\get-save-data.php:188

unserialize$csm_newsletter = unserialize(get_option('csm_plugin_settings_newsletter'));functions\get-save-data.php:215

unserialize$csm_subscription = unserialize(get_option('csm_plugin_settings_subscription'));functions\get-save-data.php:238

unserialize$csm_social = unserialize(get_option('csm_plugin_settings_social'));functions\get-save-data.php:261

unserialize$csm_copyright = unserialize(get_option('csm_plugin_settings_copyright'));functions\get-save-data.php:281

unserialize$csm_dashboard = unserialize(get_option('csm_plugin_settings_dashboard'));redirect.php:16

unserialize$csm_plugin_settings_dashboard = unserialize(get_option('csm_plugin_settings_dashboard'));redirect.php:83

Output Escaping

49% escaped216 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

csm_save_page_settings (functions\data-save-post.php:4)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Coming Soon Master Attack Surface

Entry Points7

Unprotected1

AJAX Handlers 7

noprivwp_ajax_subscribeformcoming-soon-master.php:98

authwp_ajax_action_csm_page_setting_save_postfunctions\data-save-post.php:2

noprivwp_ajax_action_csm_page_setting_save_postfunctions\data-save-post.php:3

authwp_ajax_action_csm_page_setting_reset_postfunctions\data-save-post.php:209

noprivwp_ajax_action_csm_page_setting_reset_postfunctions\data-save-post.php:210

authwp_ajax_action_csm_all_pages_setting_resetfunctions\data-save-post.php:223

noprivwp_ajax_action_csm_all_pages_setting_resetfunctions\data-save-post.php:224

WordPress Hooks 5

actionplugins_loadedcoming-soon-master.php:14

actionadmin_menucoming-soon-master.php:26

filterplugin_action_linkscoming-soon-master.php:37

actiontemplate_redirectredirect.php:10

actionadmin_bar_menuredirect.php:79

Maintenance & Trust

Coming Soon Master Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedMar 12, 2020

PHP min version

Downloads9K

Community Trust

Rating0/100

Number of ratings0

Active installs70

Alternatives

Coming Soon Master Alternatives

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

cmp-coming-soon-maintenance

Beautiful Coming soon, Maintenance or Landing page on your website, packed with premium features for free.

200K 7 CVEs

Perfect Coming Soon Page

perfect-coming-soon-page

Perfect Coming Soon page enables you to use a light weighted plugin for multiple needs of coming soon,underconstruction or offline mode.

200 No CVEs

Coming Soon Counter Page / Maintenance Mode – Lacoming Soon

coming-soon-counter-page-maintenance-mode-lacoming-soon

Lasoon is a creative and professional coming soon WordPress Plugin built with the Bootstrap.

60 No CVEs

Coming Soon & Maintenance Mode Page & Under Construction

nifty-coming-soon-and-under-construction-page

Nifty Coming Soon & Maintenance Page creates awesome Coming Soon & Maintenance Pages.

20K 2 CVEs

Coming Soon Page & Maintenance Mode

responsive-coming-soon

Coming Soon Plugin and Maintenance Mode plugin with Launch page & site offline plugin for your Website while it's under construction.

3K 3 CVEs

Developer Profile

Coming Soon Master Developer Profile

WebHunt Infotech

2 plugins · 150 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Coming Soon Master

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/coming-soon-master/dist/css/bootstrap.css/wp-content/plugins/coming-soon-master/dist/css/AdminLTE.css/wp-content/plugins/coming-soon-master/dist/css/font-awesome.css/wp-content/plugins/coming-soon-master/dist/css/skin-blue.css/wp-content/plugins/coming-soon-master/dist/css/smart-forms.css/wp-content/plugins/coming-soon-master/dist/css/smart-addons.css/wp-content/plugins/coming-soon-master/dist/css/preloader.css/wp-content/plugins/coming-soon-master/dist/js/bootstrap.min.js+7 more

HTML / DOM Fingerprints

CSS Classes

skin-bluesmart-formssmart-addons

HTML Comments

Coming Soon Master Menuplugin menu name for coming soon pluginadd hook to add styles and scripts for Admin Custom Login admin pageplugin action links (Settings)+7 more

Data Attributes

data-hook="dashboard"data-hook="templates"data-hook="seo"

JS Globals

csm_obj

REST Endpoints

/wp-json/coming-soon-master/v1/settings

FAQ