Home

Description

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address

PUBLISHED Reserved 2025-09-17 | Published 2025-10-22 | Updated 2025-10-22 | Assigner WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status
affected

Any version
affected

Credits

Khaled Alenazi (Nxploited) finder

WPScan coordinator

References

wpscan.com/...rability/1998a079-d986-47fe-907f-d4d295b06603/ exploit vdb-entry technical-description

cve.org (CVE-2025-10638)

nvd.nist.gov (CVE-2025-10638)

Download JSON