SeedProd Coming Soon Page allows hackers to make unauthorized requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

SeedProd Coming Soon Page allows hackers to make unauthorized requests

CVE-2026-39464

Summary

A security issue in SeedProd's Coming Soon Page plugin allows hackers to make fake requests to any website, potentially stealing sensitive information or taking control of other sites. This affects versions of the plugin up to 6.19.8. Update to the latest version to fix the issue.

Original title

Original description

Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through <= 6.19.8.

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://patchstack.com/database/Wordpress/Plugin/coming-soon/vulnerability/wordp...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026