2 matches found
CVE-2022-1593 Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads ...
CVE-2022-1593
CVE-2022-1593 affects the WordPress Site Offline or Coming Soon plugin (versions 1.6.6 and earlier). The root cause is missing CSRF checks and inadequate sanitisation/escaping in settings updates, enabling a logged-in administrator to inject stored XSS payloads via CSRF. Several sources corrobora...