CVE-2025-12586
The CVE concerns the WordPress plugin Conditional Maintenance Mode for WordPress, affecting all versions up to and including 1.0.0. The root cause is missing nonce validation when toggling the maintenance mode status, leading to Cross‑Site Request Forgery (CSRF). This enables unauthenticated atta...