What the vulnerability does
01 Description
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14.
Explanation of Vulnerability in Simple Terms
02 Summary
CMP – Coming Soon & Maintenance versions 4.1.14 and earlier allow authenticated administrators to upload files without proper validation. An attacker with admin privileges can upload malicious files to compromise the site. The vulnerability affects file handling across the entire application due to scope change.
What an attacker can do
03 Attacker Capabilities
Upload malicious files to the site and execute code or modify site content.
Potential impact on your site
04 Site Impact
A compromised admin account can be used to upload malware, deface the site, or steal data.
Conditions required to exploit
05 Prerequisites
Attacker must have administrator-level access to the site.
Key dates
06 Disclosure timeline
April 4, 2025: CVE published
April 28, 2026: Record updated