CVE-2023-6922 - Vulnerability Details - OpenCVE

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Acurax	Under Construction \/ Maintenance Mode

Configuration 1 [-]

cpe:2.3:a:acurax:under_construction_\/_maintenance_mode:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612
https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve

History

Wed, 08 Apr 2026 17:00:00 +0000

Type	Values Removed	Values Added
Title		Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure
Weaknesses		CWE-200

Fri, 27 Feb 2026 06:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 07 Feb 2025 02:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Acurax Acurax under Construction \/ Maintenance Mode
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:acurax:under_construction_\/_maintenance_mode::::::wordpress::*
Vendors & Products		Acurax Acurax under Construction \/ Maintenance Mode

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-28T08:33:05.608Z

Updated: 2026-04-08T16:43:29.542Z

Reserved: 2023-12-18T15:08:35.575Z

Link: CVE-2023-6922

Vulnrichment

Updated: 2024-08-02T08:42:08.541Z

NVD

Status : Modified

Published: 2024-02-28T09:15:40.673

Modified: 2026-04-08T17:17:17.000

Link: CVE-2023-6922

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-6922", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-12-18T15:08:35.575Z", "datePublished": "2024-02-28T08:33:05.608Z", "dateUpdated": "2026-04-08T16:43:29.542Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:29.542Z"}, "affected": [{"vendor": "acurax", "product": "Under Construction / Maintenance Mode from Acurax", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors."}], "title": "Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2023-12-16T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2023-12-16T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-02-27T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.541Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-07T18:20:29.359281Z", "id": "CVE-2023-6922", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T18:24:53.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.541Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6922", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-07T18:20:29.359281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-07T18:24:48.347Z"}}], "cna": {"title": "Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "acurax", "product": "Under Construction / Maintenance Mode from Acurax", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-12-16T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2023-12-16T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2024-02-27T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612"}], "descriptions": [{"lang": "en", "value": "The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:29.542Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6922", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:43:29.542Z", "dateReserved": "2023-12-18T15:08:35.575Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-02-28T08:33:05.608Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acurax:under_construction_\\/_maintenance_mode:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6C7D3084-18DA-4ABD-A2EB-2D0CC7B79A77", "versionEndIncluding": "2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors."}, {"lang": "es", "value": "El modo En construcci\u00f3n/mantenimiento del complemento Acurax para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones hasta la 2.6 incluida, a trav\u00e9s de la funci\u00f3n 'acx_csma_subscribe_ajax'. Esto puede permitir a atacantes autenticados extraer datos confidenciales, como nombres y direcciones de correo electr\u00f3nico de visitantes suscritos."}], "id": "CVE-2023-6922", "lastModified": "2026-04-08T17:17:17.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-28T09:15:40.673", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/coming-soon-maintenance-mode-from-acurax/trunk/function.php?rev=2539156#L612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}