Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Mantenimiento web plugin (versions <= 0.13).
Update the WordPress Mantenimiento web plugin to the latest available version (at least 0.14).