Conditional Maintenance Mode for WordPress <= 1.0.0 - Cross-Site Request Forgery
Platform
wordpress
Component
maintenance-mode-based-on-user-roles
Fixed in
1.0.1
CVE-2025-12586 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Conditional Maintenance Mode plugin for WordPress. Because the plugin's settings handler does not validate a nonce, an attacker with no account on the site can have maintenance mode switched on or off by luring a logged-in administrator to a page that submits the forged request, causing service disruption. Versions 1.0.0 and earlier are affected; the fix is in version 1.0.1, the release listed under "Fixed in" above.
Impact and Attack Scenarios
The impact of this CSRF flaw is that an attacker can flip the site's maintenance mode without holding any account on the site. The attacker crafts a request to the plugin's settings handler and gets an administrator who is logged in to WordPress to open a page that submits it (a link, an auto-submitting form or an image tag on an attacker-controlled site); the administrator's browser attaches the session cookie and the site accepts the change. Switching maintenance mode on locks regular visitors out; switching it off while it is meant to be active exposes an unfinished or mid-update site to the public. The blast radius is confined to the affected site and its users, and the CVSS vector rates only a partial availability impact, but an unexpected toggle on a production site is still a visible outage.
Exploitation Context
This vulnerability was publicly disclosed on 2025-11-25. No public proof-of-concept exploit is known, and the vulnerability is not listed in the CISA KEV catalog at the time of writing. The CVSS score of 4.3 (Medium) reflects that exploitation needs no privileges and no special conditions, but depends on an administrator being lured into triggering the forged request, and that the rated impact is limited to availability.
Who Is at Risk
WordPress sites running the Conditional Maintenance Mode plugin at version 1.0.0 or earlier are at risk. The forged request only succeeds when an administrator who is logged in to the site's wp-admin visits attacker-controlled content while that session is active, so sites whose administrators browse other sites while logged in (the normal case) are the realistic targets. The attacker needs no account on the site; the victim's authenticated browser supplies the credentials.
Detection Steps
• wordpress:
wp plugin list | grep 'maintenance-mode-based-on-user-roles'
wp plugin get maintenance-mode-based-on-user-roles --field=version
grep -ri 'Version:' /var/www/html/wp-content/plugins/maintenance-mode-based-on-user-roles/*.php
Any installed copy at version 1.0.0 or lower is affected. The plugin must be active for a forged request to reach its settings handler, but an inactive copy should still be updated before it is re-enabled.
Threat Intelligence
EPSS
0.02% (5th percentile)
CVSS vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet. No physical or local access required.
- Attack Complexity
- Low: no special conditions required. Reliably exploitable.
- Privileges Required
- None: the attacker needs no account on the site (the forged request is carried by the victim administrator's own session).
- User Interaction
- Required: the victim must open a file, click a link or visit a page.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- None: no confidentiality impact.
- Integrity
- None: no integrity impact.
- Availability
- Low: partial or intermittent denial of service.
Affected Software
Package Information
- Active installations
- 0
- Plugin rating
- 0.0
- Requires WordPress
- 4.0+
- Tested up to
- 6.7.5
Mitigation and Workarounds
The recommended mitigation is to upgrade the Conditional Maintenance Mode plugin to version 1.0.1 or later, which adds the nonce validation the vulnerable settings handler lacks. If upgrading is not immediately feasible, a Web Application Firewall rule that drops POST requests to the plugin's settings endpoint whose Origin or Referer header is not your own site blocks the cross-site request; treat this as a stopgap rather than a substitute for the patch, since the endpoint itself still performs no nonce check. Remind administrators to log out of wp-admin before browsing untrusted sites and to be wary of unexpected links. After upgrading, confirm the fix by submitting the maintenance mode toggle from a logged-in administrator session with the nonce field removed: the request should be rejected with a 403 and the setting should remain unchanged.
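As an added illustration, not the plugin's own code (which this page does not show), the following PHP contrasts the pattern the advisory describes, a settings update handler with no nonce validation, with the hardened form that a WordPress plugin should use. The option name cmm_example_enabled, the action name cmm_example_save, the nonce field name and all function names are assumptions chosen for this example; wp_nonce_field, check_admin_referer, current_user_can, update_option and the admin_post_{action} hook are WordPress core APIs.

```php
<?php
// Illustrative example only: NOT the Conditional Maintenance Mode plugin's code.
// Option name, action name, nonce field name and function names are assumptions.

// --- Vulnerable pattern ---------------------------------------------------
// The handler trusts any POST that carries the parameter. Nothing ties the
// request to a form this administrator actually submitted, and the user's
// capability is never checked, so a request forged from another origin (the
// victim's browser attaches the wp-admin session cookie automatically) is
// accepted and the maintenance mode flag is flipped.
function cmm_example_vulnerable_save() {
    if ( isset( $_POST['cmm_example_enabled'] ) ) {
        update_option( 'cmm_example_enabled', $_POST['cmm_example_enabled'] === '1' ? 1 : 0 );
    }
}
add_action( 'admin_init', 'cmm_example_vulnerable_save' );

// --- Hardened pattern -----------------------------------------------------
// 1. The settings form embeds a nonce bound to a named action. WordPress nonces
//    are derived from the logged-in user, the action string and a time window,
//    so an attacker's page on another origin cannot produce a valid one.
function cmm_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'cmm_example_save', 'cmm_example_nonce' ); ?>
        <input type="hidden" name="action" value="cmm_example_save">
        <label>
            <input type="checkbox" name="cmm_example_enabled" value="1"
                <?php checked( get_option( 'cmm_example_enabled' ), 1 ); ?>>
            Enable maintenance mode
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// 2. The POST is handled only through admin-post.php. The nonce is verified
//    first (check_admin_referer() stops with HTTP 403 when it is missing or
//    invalid), then the capability, and only then is the option written.
function cmm_example_hardened_save() {
    check_admin_referer( 'cmm_example_save', 'cmm_example_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    $enabled = ! empty( $_POST['cmm_example_enabled'] ) ? 1 : 0;
    update_option( 'cmm_example_enabled', $enabled );

    // Redirect back to the settings page (PRG pattern) to avoid resubmission.
    $back = wp_get_referer() ? wp_get_referer() : admin_url();
    wp_safe_redirect( add_query_arg( 'updated', '1', $back ) );
    exit;
}
add_action( 'admin_post_cmm_example_save', 'cmm_example_hardened_save' );
```

The capability check is still required after the nonce check: a valid nonce only proves the request came from a form this user was shown, not that the user may change the setting. To verify a patched build, submit the form's POST from a logged-in administrator session with the nonce field stripped out; a correctly fixed handler answers 403 ("The link you followed has expired.") before the option is touched, while the vulnerable pattern above silently applies the change.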
How to Fix
Update to version 1.0.1, or a newer patched version.
Frequently Asked Questions
What is CVE-2025-12586 — XSRF in Conditional Maintenance Mode for WordPress?
CVE-2025-12586 is a Cross-Site Request Forgery (CSRF) vulnerability in the Conditional Maintenance Mode WordPress plugin. An attacker with no account on the site can toggle maintenance mode by getting a logged-in administrator to visit a page that submits the forged request.
Am I affected by CVE-2025-12586 in Conditional Maintenance Mode for WordPress?
You are affected if you are running version 1.0.0 or earlier of the Conditional Maintenance Mode plugin. Upgrade to version 1.0.1 or later to close the vulnerability.
How do I fix CVE-2025-12586 in Conditional Maintenance Mode for WordPress?
Upgrade the Conditional Maintenance Mode plugin to version 1.0.1 or later. If an immediate upgrade is not possible, a WAF rule rejecting cross-origin POSTs to the plugin's settings endpoint is a temporary workaround.
Is CVE-2025-12586 being actively exploited?
There are currently no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Where can I find the official Conditional Maintenance Mode advisory for CVE-2025-12586?
Refer to the plugin developer's website or the WordPress plugin repository for the latest advisory and update information.