CVE-2024-1476

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mo...

PT-2024-18076 · WordPress · Wp Maintenance

Name of the Vulnerable Software and Affected Versions: WP Maintenance plugin for WordPress versions up to, and including, 6.1.6 Description: The issue allows unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via the REST API. Recommendations: For W...

CVE-2022-47590 WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Fugu Maintenance Switch plugin = 1.5.2 versions...

WordPress Maintenance Switch Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)

Software Maintenance Switch Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47590 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 56383f0b4655 Credits minhtuanact Required...

CVE-2022-30536

Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...

CVE-2021-36828

Authenticated admin+ Stored Cross-Site Scripting XSS in WP Maintenance plugin = 6.0.7 versions...

PT-2022-10567 · WordPress · Wp Maintenance

Name of the Vulnerable Software and Affected Versions: WP Maintenance plugin versions prior to 6.0.8 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS in the WP Maintenance plugin. This affects multiple inputs and can be exploited by authenticated administrator...

WordPress plugin WP Maintenance 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

Maintenance < 4.03 - Authenticated Stored XSS

The plugin does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them even when the unfilteredhtml capability is disallowed, which will be triggered in the frontend POST /wp-admin/admin.php?page=maintenance HTTP/1.1...

WordPress WP Maintenance Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up personal blog sites.WP Maintenance is used in one of the site maintenance page settings plugin. A cross-site request forgery vulnerability exist...