{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10638", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-09-17T13:34:17.993Z", "datePublished": "2025-10-22T06:00:02.379Z", "dateUpdated": "2026-04-02T12:39:50.738Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:50.738Z"}, "title": "NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "NS Maintenance Mode for WP", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "1.3.1"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address"}], "references": [{"url": "https://wpscan.com/vulnerability/1998a079-d986-47fe-907f-d4d295b06603/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Khaled Alenazi (Nxploited)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-22T15:42:23.511916Z", "id": "CVE-2025-10638", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-22T15:42:45.575Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-10638", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-22T15:42:23.511916Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-22T15:42:38.157Z"}}], "cna": {"title": "NS Maintenance Mode for WP <= 1.3.1 - Unauthenticated Subscribers Export", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Alenazi (Nxploited)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "NS Maintenance Mode for WP", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.1"}], "defaultStatus": "unknown"}], "references": [{"url": "https://wpscan.com/vulnerability/1998a079-d986-47fe-907f-d4d295b06603/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-02T12:39:50.738Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10638", "state": "PUBLISHED", "dateUpdated": "2026-04-02T12:39:50.738Z", "dateReserved": "2025-09-17T13:34:17.993Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-10-22T06:00:02.379Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address"}], "id": "CVE-2025-10638", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-22T06:15:30.593", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/1998a079-d986-47fe-907f-d4d295b06603/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred"}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T23:37:59.437338+00:00", "value": {"mitigation_remediation": ["Upgrade the NS Maintenance Mode for WP plugin to a version newer than 1.3.1 that addresses the authorization check for the export function", "If an upgrade is not immediately possible, disable or remove the subscriber export endpoint or block its URL via web\u2011application firewall rules", "Consider implementing an additional layer of access control, such as requiring valid session tokens or user roles before allowing export of subscriber data", "Regularly review installed plugins for known vulnerabilities and keep them updated to the latest secure releases"], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The issue exists in the NS Maintenance Mode for WP plugin for WordPress installations running any version through 1.3.1. Administrators who rely on this plugin for site status or maintenance should verify the installed version and ensure it is either upgraded or the export function is disabled.", "description_and_impact": "The NS Maintenance Mode for WP WordPress plugin up to version 1.3.1 contains a flaw in its subscriber export feature that does not enforce any authorization checks. As a result, anyone who can access the plugin endpoint can trigger the export and receive a file that lists every site subscriber\u2019s name and email address. This vulnerability allows an attacker to obtain personally identifying information that could be used for phishing, spam, or social engineering campaigns. It is an example of an information disclosure weakness (CWE\u2011200).", "risk_and_exploitability": "The vulnerability has a CVSS score of 5.3, indicating moderate severity. The EPSS score is under 1\u202f%, suggesting exploitation is unlikely at present, and the flaw is not listed in the CISA KEV catalog. The attack vector is unauthenticated, meaning no credentials or privileged access are required; any visitor who can reach the export URL can trigger the leak. Given the lack of further controls, the risk is limited to data exposure rather than a more destructive outcome."}}}}, "created": "2025-10-23T10:07:52.422975+00:00", "updated": "2026-04-27T23:45:15.889519+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"], "weaknesses": ["CWE-200", "CWE-284"]}