2 matches found
CVE-2020-6167
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo...
CVE-2020-6167
The CVE-2020-6167 entry concerns WordPress plugin Minimal Coming Soon & Maintenance Mode (versions up to 2.10). The vulnerability is a CSRF to stored XSS and setting changes, permitted by a lack of nonce checks on settings endpoints, enabling an attacker to enable maintenance mode, inject XSS, mo...