Platform
wordpress
Component
under-construction-maintenance-mode
Fixed in
2.1.2
CVE-2026-34896 describes a Cross-Site Request Forgery (CSRF) vulnerability found in the Under Construction, Coming Soon & Maintenance Mode plugin for WordPress. Successful exploitation could allow an unauthenticated attacker to perform unauthorized actions on a website if they can manipulate a site administrator into clicking a malicious link. This vulnerability impacts versions of the plugin up to and including 2.1.1; a patch is available in version 2.1.2.
The Cross-Site Request Forgery (CSRF) vulnerability in the 'Under Construction, Coming Soon & Maintenance Mode' WordPress plugin, identified as CVE-2026-34896, allows unauthenticated attackers to perform unauthorized actions on a website. This is due to missing or incorrect nonce validation in a plugin function. An attacker could trick a site administrator into clicking a malicious link, resulting in an undesired action being executed on their behalf. The potential impact includes modifying site configuration, enabling or disabling features, or even altering content, depending on the affected administrator’s permissions. This vulnerability affects all versions of the plugin up to and including 2.1.1.
An attacker could exploit this vulnerability by sending a malicious link to a site administrator. If the administrator visits the link while logged in, an unauthorized action is executed on the website. The difficulty of exploitation depends on the attacker's ability to deceive the administrator; phishing, or embedding the link in a seemingly legitimate email or message, are the usual means. Because the affected function does not validate a nonce, the forged request is indistinguishable from one made deliberately within the administrator's legitimate session.
Exploit Status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS Vector
The recommended solution is to immediately update the 'Under Construction, Coming Soon & Maintenance Mode' plugin to version 2.1.2 or higher. This update corrects the CSRF vulnerability by implementing proper nonce validation. In the meantime, as a preventative measure, limit administrator access to critical functions and be extremely cautious when clicking links from unknown or suspicious sources. Implementing a Web Application Firewall (WAF) can also help mitigate the risk by blocking malicious requests. Regular website backups are crucial to allow restoration in case of a successful attack.
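To make the root cause and the fix concrete, here is an added illustration of a WordPress settings handler without and with nonce validation. This is example code, not the plugin's own: the `ucmm_*` function, option and action names are assumptions, while the WordPress API calls (`wp_nonce_field`, `wp_verify_nonce`, `current_user_can`, `admin_post_*`) are real.

```php
<?php
// Added illustration, not the plugin's code. The ucmm_* names are hypothetical.

// BEFORE: the handler acts on any POST that reaches admin-post.php with the
// right action name. A page the logged-in administrator is lured to can submit
// this form on their behalf, which is the CSRF pattern described above.
function ucmm_save_settings_vulnerable() {
    $enabled = isset( $_POST['ucmm_enabled'] ) ? 1 : 0;
    update_option( 'ucmm_enabled', $enabled );
    wp_safe_redirect( admin_url( 'options-general.php?page=ucmm' ) );
    exit;
}

// AFTER: the form carries a nonce bound to the action and the current user's
// session. A third-party page cannot read that value, so its forged request
// fails the check.
function ucmm_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'ucmm_save_settings', 'ucmm_nonce' ); ?>
        <input type="hidden" name="action" value="ucmm_save_settings">
        <label><input type="checkbox" name="ucmm_enabled" value="1"> Enable maintenance mode</label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function ucmm_save_settings_fixed() {
    // Capability check: nonce validation alone does not authorize the user.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Nonce check: rejects requests that did not originate from our own form.
    // check_admin_referer( 'ucmm_save_settings', 'ucmm_nonce' ) is the one-line
    // equivalent; the explicit form is shown so the failure path is visible.
    $nonce = isset( $_POST['ucmm_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['ucmm_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'ucmm_save_settings' ) ) {
        wp_die( 'Security check failed.', 403 );
    }
    $enabled = isset( $_POST['ucmm_enabled'] ) ? 1 : 0;
    update_option( 'ucmm_enabled', $enabled );
    wp_safe_redirect( admin_url( 'options-general.php?page=ucmm' ) );
    exit;
}

// Only the fixed handler is registered. admin_post_{action} fires for logged-in
// users, which is exactly the session a CSRF request rides on.
add_action( 'admin_post_ucmm_save_settings', 'ucmm_save_settings_fixed' );
```

When reviewing a plugin update for this class of bug, look for every `admin_post_*`, `wp_ajax_*` or settings-page handler that writes state and confirm it performs both a capability check and a nonce check before doing so.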
Update to version 2.1.2, or a newer patched version
CSRF (Cross-Site Request Forgery) is a type of attack that forces an authenticated user to perform unwanted actions on a web application. The attacker leverages the user’s active session to execute commands.
If you are using a version of the 'Under Construction, Coming Soon & Maintenance Mode' plugin older than 2.1.2, your site is vulnerable. Verify the plugin version in your WordPress admin dashboard.
Immediately change the passwords of all users with administrator privileges. Perform a thorough scan of the site for modified files or suspicious activity. Restore the site from a clean backup if possible.
There are web security scanning tools that can detect CSRF vulnerabilities, although effectiveness may vary. Consider using a WordPress security plugin that includes vulnerability scanning capabilities.
No, this vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.