[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqYIAYtz2yTWbNgeEwh9XDiaxvgaAd-TF_SH0cZH83jY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-86c1b729-e8fe-46e8-8d57-c6312087c6b2-under-construction-maintenance-mode","under-construction-coming-soon-maintenance-mode-server-side-request-forgery-2","Under Construction, Coming Soon & Maintenance Mode \u003C= 1.1.1 - Server Side Request Forgery","The Under Construction, Coming Soon & Maintenance Mode Plugin for WordPress is vulnerable to Server Side Request Forgery in versions up to, and including, 1.1.1.  This is due to missing or incorrect nonce validation on the 'ucmm_mc_api' function. This makes it possible for unauthenticated attackers to exploit via direct access to the affected file, and the application that supports data imports from URLs or allows them to read data from URLs","under-construction-maintenance-mode",null,"\u003C1.1.2","1.1.2","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2021-02-27 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F86c1b729-e8fe-46e8-8d57-c6312087c6b2?source=api-prod",1060]