patchstack
Vlad Visse (Patchstack)
PATCHSTACK:6427E657B17518448AEDAF331DF18E32
Sep 23, 2021 - 12:00 a.m.

WordPress YITH Maintenance Mode plugin <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

patchstack.com

EPSS: 0.001 (Low)
Percentile: 22.9%

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Vlad Visse (Patchstack) in the WordPress YITH Maintenance Mode plugin (versions <= 1.3.8). In addition, 46 further parameters that were missed in the update from vulnerable version 1.3.7 to 1.3.8, reported by Asif Nawaz Minhas (Patchstack Red Team), have been fixed.

Solution

Update the WordPress YITH Maintenance Mode plugin to the latest available version (at least 1.4.0).

CPE
Name: yith maintenance mode
Operator: le
Version: 1.3.8
