LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Security & Risk Analysis

wordpress.org/plugins/wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that is perfect for a coming soon page, maintenance or landing page.

500K active installs · v2.6.20 · PHP 7.1+ · WP 4.7+ · Updated Dec 10, 2025
Tags: admin, administration, coming-soon, maintenance-mode, unavailable
Score: 96 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Jan 5, 2024
Safety Verdict

Is LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Safe to Use in 2026?

Generally Safe

Score 96/100

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Jan 5, 2024 · Updated 3mo ago
Risk Assessment

The "wp-maintenance-mode" plugin v2.6.20 exhibits a mixed security posture. While it demonstrates good practices in output escaping (94% properly escaped) and utilizes prepared statements for half of its SQL queries, several significant concerns are present. The static analysis reveals a substantial attack surface with 17 AJAX handlers, one of which lacks authentication checks. This unprotected entry point is a critical security risk that could allow unauthorized actions. Furthermore, the taint analysis identified two high-severity flows with unsanitized paths, indicating potential vulnerabilities in how user-supplied data is processed, which could lead to unexpected or malicious behavior.

The plugin's vulnerability history, with 6 known CVEs including one critical and one high severity, is a major red flag. The prevalence of common vulnerability types like CSRF, improper input validation, missing authorization, and information exposure suggests recurring security weaknesses that have not been fully remediated or have re-emerged. The last known vulnerability being quite recent (January 2024) further emphasizes the ongoing need for vigilance.

In conclusion, despite some strengths in secure coding practices like output escaping, the "wp-maintenance-mode" plugin v2.6.20 has notable weaknesses. The unprotected AJAX handler and high-severity taint flows present immediate risks. The historical pattern of significant vulnerabilities suggests a recurring need for security audits and robust fixes. Users should be aware of these risks and ensure they are using the most secure version or consider alternatives if these issues are not addressed.

Key Concerns

  • Unprotected AJAX handler found
  • High severity taint flows with unsanitized paths
  • 1 critical known CVE
  • 1 high known CVE
  • 4 medium known CVEs
  • Improper Input Validation vulnerability history
  • Missing Authorization vulnerability history
  • Exposure of Sensitive Information vulnerability history
  • 50% of SQL queries not using prepared statements
Vulnerabilities
6

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Security Vulnerabilities

CVEs by Year

  • 2013: 1 CVE
  • 2016: 2 CVEs
  • 2018: 1 CVE
  • 2022: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 4

6 total CVEs

CVE-2023-7019 · medium · 4.3 · Missing Authorization

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization

Jan 5, 2024 · Patched in 2.6.9 (207d)

CVE-2022-1576 · high · 8.8 · Cross-Site Request Forgery (CSRF)

WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery

Jun 20, 2022 · Patched in 2.4.5 (582d)

CVE-2018-20156 · critical · 9.1 · Improper Input Validation

WP Maintenance Mode <= 2.0.6 - Remote Code Execution

Dec 14, 2018 · Patched in 2.0.7 (1866d)

CVE-2018-20155 · medium · 5.4 · Missing Authorization

WP Maintenance Mode <= 2.0.6 - Missing Authorization

Jul 6, 2016 · Patched in 2.0.7 (2757d)

CVE-2018-20154 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure

Jul 6, 2016 · Patched in 2.0.7 (2757d)

CVE-2013-3250 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery

Jun 5, 2013 · Patched in 1.8.8 (3884d)

Code Analysis
Analyzed Mar 16, 2026

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 5 (5 prepared)
  • Unescaped Output: 23 (347 escaped)
  • Nonce Checks: 15
  • Capability Checks: 6
  • File Operations: 4
  • External Requests: 1
  • Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

50% prepared · 10 total queries

Output Escaping

94% escaped · 370 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
insert_template (includes\classes\wp-maintenance-mode-admin.php:695)
Attack Surface
1 unprotected

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Attack Surface

Entry Points: 17
Unprotected: 1

AJAX Handlers: 17

auth · wp_ajax_wpmm_subscribers_export · includes\classes\wp-maintenance-mode-admin.php:56
auth · wp_ajax_wpmm_subscribers_empty_list · includes\classes\wp-maintenance-mode-admin.php:57
auth · wp_ajax_wpmm_dismiss_notices · includes\classes\wp-maintenance-mode-admin.php:58
auth · wp_ajax_wpmm_reset_settings · includes\classes\wp-maintenance-mode-admin.php:59
auth · wp_ajax_wpmm_select_page · includes\classes\wp-maintenance-mode-admin.php:60
auth · wp_ajax_wpmm_insert_template · includes\classes\wp-maintenance-mode-admin.php:61
auth · wp_ajax_wpmm_skip_insert_template · includes\classes\wp-maintenance-mode-admin.php:62
auth · wp_ajax_wpmm_skip_wizard · includes\classes\wp-maintenance-mode-admin.php:63
auth · wp_ajax_wpmm_subscribe · includes\classes\wp-maintenance-mode-admin.php:64
auth · wp_ajax_wpmm_change_template_category · includes\classes\wp-maintenance-mode-admin.php:65
auth · wp_ajax_wpmm_toggle_gutenberg · includes\classes\wp-maintenance-mode-admin.php:66
auth · wp_ajax_wpmm_update_sdk_options · includes\classes\wp-maintenance-mode-admin.php:67
nopriv · wp_ajax_wpmm_add_subscriber · includes\classes\wp-maintenance-mode.php:94
auth · wp_ajax_wpmm_add_subscriber · includes\classes\wp-maintenance-mode.php:95
nopriv · wp_ajax_wpmm_send_contact · includes\classes\wp-maintenance-mode.php:96
auth · wp_ajax_wpmm_send_contact · includes\classes\wp-maintenance-mode.php:97
auth · wp_ajax_wp_ajax_install_plugin · includes\functions\hooks.php:34

WordPress Hooks: 41

action · init · includes\classes\wp-maintenance-mode-admin.php:27
action · admin_enqueue_scripts · includes\classes\wp-maintenance-mode-admin.php:30
action · admin_enqueue_scripts · includes\classes\wp-maintenance-mode-admin.php:31
action · admin_menu · includes\classes\wp-maintenance-mode-admin.php:34
action · admin_head · includes\classes\wp-maintenance-mode-admin.php:35
action · network_admin_menu · includes\classes\wp-maintenance-mode-admin.php:36
action · admin_init · includes\classes\wp-maintenance-mode-admin.php:38
action · admin_notices · includes\classes\wp-maintenance-mode-admin.php:49
action · network_admin_notices · includes\classes\wp-maintenance-mode-admin.php:52
action · network_admin_notices · includes\classes\wp-maintenance-mode-admin.php:53
action · admin_post_wpmm_save_settings · includes\classes\wp-maintenance-mode-admin.php:70
filter · admin_footer_text · includes\classes\wp-maintenance-mode-admin.php:73
filter · admin_body_class · includes\classes\wp-maintenance-mode-admin.php:76
filter · display_post_states · includes\classes\wp-maintenance-mode-admin.php:79
filter · themeisle_sdk_blackfriday_data · includes\classes\wp-maintenance-mode-admin.php:81
filter · safe_style_css · includes\classes\wp-maintenance-mode-admin.php:472
action · init · includes\classes\wp-maintenance-mode.php:67
action · init · includes\classes\wp-maintenance-mode.php:70
action · admin_init · includes\classes\wp-maintenance-mode.php:77
filter · theme_page_templates · includes\classes\wp-maintenance-mode.php:80
filter · template_include · includes\classes\wp-maintenance-mode.php:81
action · wpmm_head · includes\classes\wp-maintenance-mode.php:85
action · wpmm_footer · includes\classes\wp-maintenance-mode.php:86
action · otter_form_after_submit · includes\classes\wp-maintenance-mode.php:98
filter · wpo_purge_all_cache_on_update · includes\classes\wp-maintenance-mode.php:101
filter · pre_option_page_on_front · includes\classes\wp-maintenance-mode.php:109
action · init · includes\classes\wp-maintenance-mode.php:131
action · wpmm_head · includes\classes\wp-maintenance-mode.php:134
action · wpmm_head · includes\classes\wp-maintenance-mode.php:135
action · wpmm_head · includes\classes\wp-maintenance-mode.php:138
action · wpmm_before_scripts · includes\classes\wp-maintenance-mode.php:141
action · wpmm_footer · includes\classes\wp-maintenance-mode.php:142
action · init · includes\classes\wp-maintenance-mode.php:145
filter · wp_mail_content_type · includes\classes\wp-maintenance-mode.php:1360
filter · wp_mail_from_name · includes\classes\wp-maintenance-mode.php:1361
filter · extra_plugin_headers · includes\functions\helpers.php:17
action · plugins_loaded · wp-maintenance-mode.php:66
action · plugins_loaded · wp-maintenance-mode.php:73
filter · themeisle_sdk_products · wp-maintenance-mode.php:76
filter · wp_maintenance_mode_about_us_metadata · wp-maintenance-mode.php:78
filter · wp_maintenance_mode_load_promotions · wp-maintenance-mode.php:105

Maintenance & Trust

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 10, 2025
  • PHP min version: 7.1
  • Downloads: 19.3M

Community Trust

  • Rating: 86/100
  • Number of ratings: 859
  • Active installs: 500K

Developer Profile

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder Developer Profile

Themeisle

37 plugins · 2.2M total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 420 days

Detection Fingerprints

How We Detect LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-maintenance-mode/assets/css/admin-style.css
  • /wp-content/plugins/wp-maintenance-mode/assets/css/style.css
  • /wp-content/plugins/wp-maintenance-mode/assets/js/admin-script.js
  • /wp-content/plugins/wp-maintenance-mode/assets/js/script.js

Script Paths

  • /wp-content/plugins/wp-maintenance-mode/assets/js/admin-script.js
  • /wp-content/plugins/wp-maintenance-mode/assets/js/script.js

Version Parameters

  • wp-maintenance-mode/assets/css/admin-style.css?ver=
  • wp-maintenance-mode/assets/css/style.css?ver=
  • wp-maintenance-mode/assets/js/admin-script.js?ver=
  • wp-maintenance-mode/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpmm-wrapper
  • wpmm-admin-wrap
  • wp-maintenance-mode-admin-menu
  • wpmm-active-menu-item

HTML Comments

  • <!-- WP Maintenance Mode Admin -->
  • <!-- WP Maintenance Mode -->
  • <!-- Main Wrapper -->

Data Attributes

  • data-wpmm-nonce
  • data-wpmm-action

JS Globals

  • window.wpmm_settings
  • var wpmm_nonce
  • var wpmm_object

FAQ

Frequently Asked Questions about LightStart – Maintenance Mode, Coming Soon and Landing Page Builder