Does Under Construction, Coming Soon & Maintenance Mode have any unpatched vulnerabilities?

No. All known vulnerabilities in Under Construction, Coming Soon & Maintenance Mode have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Under Construction, Coming Soon & Maintenance Mode compatible with WordPress 6.9.4?

According to WordPress.org data, Under Construction, Coming Soon & Maintenance Mode 2.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

What is Under Construction, Coming Soon & Maintenance Mode's security score?

Under Construction, Coming Soon & Maintenance Mode has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Under Construction, Coming Soon & Maintenance Mode Security & Risk Analysis

wordpress.org/plugins/under-construction-maintenance-mode

Under Construction is a simple plugin for setting up Under Construction, Coming Soon and Maintenance Mode using WordPress Customizer.

10K active installs v2.1.1 PHP + WP 5.0+ Updated Jan 5, 2026

coming-sooncomingsoonmaintenancemaintenance-modeunder-construction

A · Safe

CVEs total2

Unpatched0

Last CVEFeb 27, 2021

Plugin page Download

Safety Verdict

Is Under Construction, Coming Soon & Maintenance Mode Safe to Use in 2026?

Generally Safe

Score 99/100

Under Construction, Coming Soon & Maintenance Mode has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Feb 27, 2021Updated 2mo ago

Risk Assessment

The "under-construction-maintenance-mode" plugin v2.1.1 exhibits a mixed security posture. While it has no known critical vulnerabilities and boasts a lack of dangerous functions, file operations, and external HTTP requests, several concerns arise from the static analysis. The presence of two unprotected AJAX handlers significantly increases the attack surface, providing potential entry points for unauthorized actions. Furthermore, the static analysis reveals a single SQL query that does not utilize prepared statements, posing a risk of SQL injection. The output escaping is also a concern, with only 16% of outputs being properly escaped, leaving room for cross-site scripting (XSS) vulnerabilities. The plugin's vulnerability history shows two past CVEs, including one high and one medium severity, both related to Server-Side Request Forgery (SSRF). While there are no currently unpatched CVEs, this history indicates a past tendency towards exploitable flaws, particularly SSRF, which warrants careful monitoring. Overall, the plugin has some strong security foundations but requires immediate attention regarding its unprotected AJAX endpoints and SQL query handling.

Key Concerns

Unprotected AJAX handlers
SQL queries without prepared statements
Low percentage of properly escaped output
History of high severity CVE (SSRF)
History of medium severity CVE (SSRF)

Vulnerabilities

Under Construction, Coming Soon & Maintenance Mode Security Vulnerabilities

CVEs by Year

2 CVEs in 2021

2021

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

WF-5f6b88fb-1070-427b-a51f-23fbede3dd59-under-construction-maintenance-modemedium · 6.1Server-Side Request Forgery (SSRF)

Under Construction, Coming Soon & Maintenance Mode <= 1.1.1 - Server Side Request Forgery

Feb 27, 2021 Patched in 1.1.2 (1060d)

WF-86c1b729-e8fe-46e8-8d57-c6312087c6b2-under-construction-maintenance-modehigh · 7.2Server-Side Request Forgery (SSRF)

Under Construction, Coming Soon & Maintenance Mode <= 1.1.1 - Server Side Request Forgery

Feb 27, 2021 Patched in 1.1.2 (1060d)

Code Analysis

Analyzed Mar 16, 2026

Under Construction, Coming Soon & Maintenance Mode Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

124

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

16% escaped147 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

ucmm_review_notice_message (classes\plugin-meta.php:163)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Under Construction, Coming Soon & Maintenance Mode Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 4

authwp_ajax_ucmm_helpclasses\ucmm-wpbrigade-setup.php:21

authwp_ajax_ucmm_mc_apiunder-construction-maintenance-mode.php:118

noprivwp_ajax_ucmm_mc_apiunder-construction-maintenance-mode.php:119

authwp_ajax_ucmm_optout_yesunder-construction-maintenance-mode.php:126

WordPress Hooks 20

actioncustomize_registerclasses\customizer.php:13

filterplugin_row_metaclasses\plugin-meta.php:13

actionplugin_action_linksclasses\plugin-meta.php:14

actionadmin_initclasses\plugin-meta.php:16

actionadmin_noticesclasses\plugin-meta.php:154

actionadmin_enqueue_scriptsclasses\ucmm-wpbrigade-settings-api.php:27

actionadmin_initclasses\ucmm-wpbrigade-setup.php:19

actionadmin_menuclasses\ucmm-wpbrigade-setup.php:20

actioninitunder-construction-maintenance-mode.php:110

actioninitunder-construction-maintenance-mode.php:111

actionadmin_enqueue_scriptsunder-construction-maintenance-mode.php:112

actionwpunder-construction-maintenance-mode.php:113

actionadmin_menuunder-construction-maintenance-mode.php:114

actioncustomize_controls_enqueue_scriptsunder-construction-maintenance-mode.php:117

actionadmin_bar_menuunder-construction-maintenance-mode.php:120

actionadmin_footerunder-construction-maintenance-mode.php:121

actionadmin_initunder-construction-maintenance-mode.php:123

actionadmin_footerunder-construction-maintenance-mode.php:124

actionadmin_menuunder-construction-maintenance-mode.php:125

actionwp_wpb_sdk_after_uninstallunder-construction-maintenance-mode.php:127

Maintenance & Trust

Under Construction, Coming Soon & Maintenance Mode Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 5, 2026

PHP min version

Downloads214K

Community Trust

Rating92/100

Number of ratings43

Active installs10K

Alternatives

Under Construction, Coming Soon & Maintenance Mode Alternatives

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

cmp-coming-soon-maintenance

Beautiful Coming soon, Maintenance or Landing page on your website, packed with premium features for free.

200K 6 CVEs

Coming soon and Maintenance mode

coming-soon-page

Coming soon and Maintenance mode plugin is an awesome tool to show your website visitors that you are working on your website for making it better.

9K 4 CVEs

Ultimate Coming Soon & Maintenance

ultimate-coming-soon

Best Coming Soon, Under Construction, Maintenance Mode, and Landing Page for your website get advanced features for free.

9K 3 CVEs

Coming Soon & Maintenance Mode by Colorlib

colorlib-coming-soon-maintenance

Create a coming soon page or maintenance mode screen with 15 responsive templates, countdown timer, MailChimp subscribe form, and social media links.

7K 2 CVEs

Coming Soon Page & Maintenance Mode

responsive-coming-soon

Coming Soon Plugin and Maintenance Mode plugin with Launch page & site offline plugin for your Website while it's under construction.

3K 3 CVEs

Developer Profile

Under Construction, Coming Soon & Maintenance Mode Developer Profile

WPBrigade

1 plugin · 10K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1060 days

View full developer profile

Detection Fingerprints

How We Detect Under Construction, Coming Soon & Maintenance Mode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/under-construction-maintenance-mode/assets/css/ucmm-style.css/wp-content/plugins/under-construction-maintenance-mode/assets/js/ucmm-script.js/wp-content/plugins/under-construction-maintenance-mode/assets/js/ucmm-countdown.js/wp-content/plugins/under-construction-maintenance-mode/admin/css/ucmm-admin-styles.css/wp-content/plugins/under-construction-maintenance-mode/admin/js/ucmm-admin-scripts.js/wp-content/plugins/under-construction-maintenance-mode/admin/js/ucmm-admin-customizer.js

Script Paths

/wp-content/plugins/under-construction-maintenance-mode/assets/js/ucmm-script.js/wp-content/plugins/under-construction-maintenance-mode/assets/js/ucmm-countdown.js/wp-content/plugins/under-construction-maintenance-mode/admin/js/ucmm-admin-scripts.js/wp-content/plugins/under-construction-maintenance-mode/admin/js/ucmm-admin-customizer.js

Version Parameters

under-construction-maintenance-mode/assets/css/ucmm-style.css?ver=under-construction-maintenance-mode/assets/js/ucmm-script.js?ver=under-construction-maintenance-mode/assets/js/ucmm-countdown.js?ver=under-construction-maintenance-mode/admin/css/ucmm-admin-styles.css?ver=under-construction-maintenance-mode/admin/js/ucmm-admin-scripts.js?ver=under-construction-maintenance-mode/admin/js/ucmm-admin-customizer.js?ver=

HTML / DOM Fingerprints

CSS Classes

ucmm-admin-settingsucmm-settings-wrapucmm-sectionucmm-fielducmm-maintenance-contentucmm-countdown-wrapper

HTML Comments

Data Attributes

data-ucmm-countdowndata-countdown-enddata-countdown-label-daysdata-countdown-label-hoursdata-countdown-label-minutesdata-countdown-label-seconds

JS Globals

ucmm_admin_ajax_objectucmm_scripts_varsUCMM_Admin

REST Endpoints

/wp-json/ucmm-wpbrigade/v1/settings

FAQ