Does WP Maintenance Mode & Site Under Construction have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Maintenance Mode & Site Under Construction have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Maintenance Mode & Site Under Construction compatible with WordPress 6.8.5?

According to WordPress.org data, WP Maintenance Mode & Site Under Construction 4.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Maintenance Mode & Site Under Construction updated?

WP Maintenance Mode & Site Under Construction was last updated on Jun 2, 2025. Frequent updates are generally a positive security signal.

What is WP Maintenance Mode & Site Under Construction's security score?

WP Maintenance Mode & Site Under Construction has a WP-Safety security score of 93/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Maintenance Mode & Site Under Construction Security & Risk Analysis

wordpress.org/plugins/wp-maintenance-mode-site-under-construction

WP plugin for Under Construction, Maintenance Mode & Coming Soon Pages. Enable with one click & show a landing page to visitors easily.

3K active installs v4.4 PHP + WP 4.8+ Updated Jun 2, 2025

coming-sooncoming-soon-pagelanding-pagemaintenance-modeunder-construction

A · Safe

CVEs total5

Unpatched0

Last CVEJun 5, 2025

Plugin page Download

Safety Verdict

Is WP Maintenance Mode & Site Under Construction Safe to Use in 2026?

Generally Safe

Score 93/100

WP Maintenance Mode & Site Under Construction has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Jun 5, 2025Updated 10mo ago

Risk Assessment

The "wp-maintenance-mode-site-under-construction" plugin, version 4.4, exhibits a mixed security posture. While static analysis reveals good practices such as the absence of dangerous functions, 100% use of prepared statements for SQL queries, and a high percentage of properly escaped output, several areas raise concerns. The presence of 3 AJAX handlers, even without explicit mention of being unprotected, represents an attack surface that warrants careful scrutiny. The lack of any taint analysis findings is a positive indicator, suggesting no obvious immediate risks from unsanitized data flows. However, the plugin's vulnerability history is a significant red flag. With 5 known CVEs, all of which are currently patched, and a history dominated by High and Medium severity issues like Cross-Site Request Forgery (CSRF) and Improper Authorization, this indicates a recurring pattern of security weaknesses. While current versions appear patched, this history suggests a need for vigilance regarding future vulnerabilities and reinforces the importance of prompt patching when they do arise.

Key Concerns

Multiple High severity vulnerabilities in history
One Medium severity vulnerability in history
Attack surface with 3 AJAX handlers
87% output escaping (potential for XSS)

Vulnerabilities

WP Maintenance Mode & Site Under Construction Security Vulnerabilities

CVEs by Year

4 CVEs in 2021

2021

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

5 total CVEs

CVE-2025-49284medium · 4.3Cross-Site Request Forgery (CSRF)

WP Maintenance Mode & Site Under Construction <= 4.3 - Cross-Site Request Forgery

Jun 5, 2025 Patched in 4.4 (7d)

WF-22713937-d834-46cf-83ec-6f9f61b548e3-wp-maintenance-mode-site-under-constructionhigh · 8.8Cross-Site Request Forgery (CSRF)

Conditional Marketing Mailer for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 1.6 (1006d)

CVE-2021-24190high · 8.8Improper Authorization

WooCommerce Conditional Marketing Mailer <= 1.5.1 - Improper Authorization

Apr 22, 2021 Patched in 1.5.2 (1006d)

CVE-2021-24191high · 8.8Improper Authorization

WP Maintenance Mode & Site Under Construction < 1.8.2 - Missing Authorization to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 1.8.2 (1006d)

WF-b4d33e69-3620-42d9-adb3-267a5ed02a58-wp-maintenance-mode-site-under-constructionhigh · 8.8Cross-Site Request Forgery (CSRF)

WP Maintenance Mode & Site Under Construction <= 1.8.2 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 1.9 (1006d)

Code Analysis

Analyzed Mar 16, 2026

WP Maintenance Mode & Site Under Construction Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

174 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

87% escaped199 total outputs

Attack Surface

WP Maintenance Mode & Site Under Construction Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_toggle_maintenance_modeadmin\settings.php:266

authwp_ajax_contactform_actiontemplate.php:13

noprivwp_ajax_contactform_actiontemplate.php:14

WordPress Hooks 17

actionadmin_initadmin\settings.php:4

actionadmin_enqueue_scriptsadmin\settings.php:71

actionadmin_footeradmin\settings.php:75

actionadmin_enqueue_scriptsadmin\settings.php:222

actionadmin_bar_menuadmin\settings.php:229

actionadmin_menuadmin\settings.php:306

actionadmin_initadmin\settings.php:307

actionadmin_footeradmin\settings.php:308

actionadmin_footeradmin\settings.php:310

actionwp_footeradmin\settings.php:311

actionadmin_print_stylesadmin\settings.php:1412

actionadmin_enqueue_scriptsadmin\settings.php:1422

actioninitmaintenance.php:23

actioninittemplate.php:12

actionwp_enqueue_scriptstemplate.php:25

actionwp_enqueue_scriptstemplate.php:26

filterembed_oembed_discovertemplate.php:833

Maintenance & Trust

WP Maintenance Mode & Site Under Construction Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 2, 2025

PHP min version

Downloads49K

Community Trust

Rating70/100

Number of ratings4

Active installs3K

Alternatives

WP Maintenance Mode & Site Under Construction Alternatives

SKT Maintenance – Coming Soon, Under Construction, Maintenance Landing Page

skt-maintenance

100

SKT maintenance plugin permits all WordPress website admins to shut the website for maintenance and set short-lived page along with the authorization.

30 No CVEs

WP Simple Maintenance & Under Construction Mode

wp-simple-maintenance-mode

Create a simple Coming Soon Page, Under Construction or Maintenance Mode Page with WP Simple Maintenance Mode Plugin. Work on your site in private whi …

30 No CVEs

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

coming-soon

Easy Drag & Drop Page Builder. A complete solution to create a WordPress Website, Custom Themes, Landing Pages, Coming Soon & Maintenance Mode Pages.

700K 1 unpatched

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

cmp-coming-soon-maintenance

Beautiful Coming soon, Maintenance or Landing page on your website, packed with premium features for free.

200K 6 CVEs

Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages

page-builder-add

Easily create high-converting, responsive landing pages with 120+ templates using the free PluginOps Page Builder for WordPress.

10K 1 unpatched

Developer Profile

WP Maintenance Mode & Site Under Construction Developer Profile

wp-buy

13 plugins · 355K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

926 days

View full developer profile

Detection Fingerprints

How We Detect WP Maintenance Mode & Site Under Construction

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-maintenance-mode-site-under-construction/css/admin-style.css/wp-content/plugins/wp-maintenance-mode-site-under-construction/css/colorpicker.css/wp-content/plugins/wp-maintenance-mode-site-under-construction/css/frontend-style.css/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/admin-script.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/colorpicker.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/frontend-script.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/jquery.countdown.min.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/tinymce-plugin.js

Script Paths

/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/admin-script.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/frontend-script.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/jquery.countdown.min.js/wp-content/plugins/wp-maintenance-mode-site-under-construction/js/tinymce-plugin.js

Version Parameters

wp-maintenance-mode-site-under-construction/css/admin-style.css?ver=wp-maintenance-mode-site-under-construction/css/colorpicker.css?ver=wp-maintenance-mode-site-under-construction/css/frontend-style.css?ver=wp-maintenance-mode-site-under-construction/js/admin-script.js?ver=wp-maintenance-mode-site-under-construction/js/colorpicker.js?ver=wp-maintenance-mode-site-under-construction/js/frontend-script.js?ver=wp-maintenance-mode-site-under-construction/js/jquery.countdown.min.js?ver=wp-maintenance-mode-site-under-construction/js/tinymce-plugin.js?ver=

HTML / DOM Fingerprints

CSS Classes

MM_And_SUC_Free_row

Data Attributes

data-countdown

JS Globals

MM_And_SUC_Free_admin_script_params

FAQ