25 matches found
WordPress YITH Maintenance Mode plugin <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Red Team in WordPress YITH Maintenance Mode plugin versions = 1.3.7. Vulnerable parameter: &yithmaintenancenewslettersubmitlabel. Solution Update the WordPress YITH Maintenance Mode plugin to th...
CVE-2021-24191
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blo...
WordPress WP Maintenance Mode Plugin Information Disclosure Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP Maintenance Mode Plugin is used in one of the site maintenance page settings plugin. An information disclosu...
WordPress WP Maintenance Mode Plugin Arbitrary PHP Code Execution Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP Maintenance Mode Plugin is used in one of the site maintenance page settings plugin. An arbitrary PHP code...
WordPress WP Maintenance Mode Plugin Access Restriction Bypass Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP Maintenance Mode Plugin is used in one of the site maintenance page settings plugin. WordPress WP Maintenanc...