CVE-2024-9705: 
WordPress vulnerability analysis and mitigation

The Ultimate Coming Soon & Maintenance plugin for WordPress contains a vulnerability (CVE-2024-9705) related to unauthorized modification of data. The vulnerability affects all versions up to and including 1.0.9, discovered and disclosed on December 6, 2024. The issue stems from a missing capability check in the 'ucsm_update_template_name_lite' function (NVD).

The vulnerability is classified as CWE-862 (Missing Authorization) with a CVSS v3.1 base score of 4.3 (MEDIUM). The vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, no impact on confidentiality, low impact on integrity, and no impact on availability (Wordfence).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to modify the names of the plugin's templates. This unauthorized modification capability could potentially affect the plugin's functionality and user experience (NVD).

Users should update to a version newer than 1.0.9 once available. In the meantime, it is recommended to restrict access to subscriber-level accounts and monitor template modifications (NVD).