oss-sec mailing list archives
Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 20 Jan 2026 14:49:18 -0800
On 1/20/26 05:31, mohammed gaming 222 wrote:
Hello OSS-Security Team,
I would like to responsibly disclose a security vulnerability identified in
the WordPress plugin *Under Construction & Maintenance Mode*.
------------------------------
Disclosure Timeline
- Vulnerability discovered through manual security testing
- Advisory published through community channels
- No active exploitation observed at the time of disclosure
------------------------------
Your timeline is missing the dates these events happened - and most importantly
it's missing if/when you notified the vendor. It's not "responsible disclosure"
if you haven't told the people who can actually fix the problem - as Moritz
noted, Wordpress plugins are mostly an entirely different ecosystem than the
folks on this list, so they're not likely to find out from a posting here.
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
Current thread:
- WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality mohammed gaming 222 (Jan 20)
- Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Moritz Mühlenhoff (Jan 20)
- Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Hanno Böck (Jan 21)
- Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Soatok Dreamseeker (Jan 21)
- Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Hanno Böck (Jan 21)
- Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Alan Coopersmith (Jan 20)
- Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Moritz Mühlenhoff (Jan 20)