PLUGIN SECURITY
Is Coming Soon safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Coming Soon WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
coming-soon - Requires PHP: 5.6+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 5.1.2 [CVE-2020-15038, WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd plugin <= 5.1.0 - Persistent Cross-Site Scripting (XSS) vulnerability, Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 - Authenticated Stored Cross Site Scripting (XSS), Coming Soon Page by SeedProd <= 5.1.1 - Authenticated Stored Cross-Site Scripting]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.15.15.3 [CVE-2023-4975, Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update, WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.15.13.1 is vulnerable to Cross Site Request Forgery (CSRF), Website Builder by SeedProd < 6.15.15.3 - Arbitrary Settings Update via CSRF]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.15.22 [Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.15.22 [WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.15.21 is vulnerable to Broken Access Control]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.15.22 [CVE-2024-1072, Website Builder by SeedProd < 6.15.22 - Unauthenticated Plugin Page Content Update]
+ 7 more known vulnerabilities
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.15.21 [CVE-2024-32088, WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.15.20 is vulnerable to Cross Site Request Forgery (CSRF), Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.15.20 - Cross-Site Request Forgery to Notice Dismissal]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.18.4 [CVE-2024-47299, WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.17.4 is vulnerable to Cross Site Scripting (XSS), Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.17.4 - Authenticated (Editor+) Stored Cross-Site Scripting]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.18.10 [CVE-2025-24540, EUVD-2025-3751, Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.9 - Cross-Site Request Forgery]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.18.16 [CVE-2025-3949, Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.18.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure, WordPress Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin <= 6.18.15 is vulnerable to Broken Access Control, EUVD-2025-14166]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.19.9 [CVE-2026-27368, Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.19.8 - Missing Authorization]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.19.9 [CVE-2026-39464, Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.19.8 - Authenticated (Editor+) Server-Side Request Forgery]
- Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode [coming-soon] < 6.20.3 [CVE-2025-14785, Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'seedprodnestedmenuwidget' Shortcode]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Elementor Website Builder – more than just a page builder — 10000000+ active installs — max PHP 8.4
- Maintenance — 1000000+ active installs — max PHP 8.4
- Under Construction — 600000+ active installs — max PHP 8.4
- LightStart – Maintenance Mode, Coming Soon and Landing Page Builder — 400000+ active installs
- Page Builder: Pagelayer – Drag and Drop website builder — 400000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.