CVE-2024-38756: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2024-38756) affects the WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin versions through 1.6.3. It is classified as a Sensitive Data Exposure vulnerability that allows unauthorized access to functionality not properly constrained by ACLs. The vulnerability was discovered by Joshua Chan and was publicly disclosed on July 11, 2024 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability requires no authentication to exploit and has a network attack vector with low attack complexity (Patchstack).

The vulnerability could allow malicious actors to view sensitive information that is normally not available to regular users. This exposed information could potentially be used to exploit other weaknesses in the system (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to and including 1.6.3 of the Coming Soon plugin (Patchstack).