CVE-2022-1576
The CVE concerns the WP Maintenance Mode & Coming Soon WordPress plugin (pre-2.4.5). The root cause is missing CSRF protection when emptying the subscribed users list, potentially allowing an attacker to induce a logged-in admin to perform this action via a CSRF attack. Reported impact is unautho...