4 matches found
CVE-2022-1896
The CVE-2022-1896 entry concerns the WordPress underConstruction plugin pre-1.21. The vulnerability arises because the setting “Display a custom page using your own HTML” is not sanitized/escaped before output, allowing stored Cross-Site Scripting by high-privilege users even when unfiltered_html...
CVE-2021-39320
CVE-2021-39320 affects the WordPress Under Construction plugin (versions
CVE-2022-1895
CVE-2022-1895 is a CSRF vulnerability in the WordPress underConstruction plugin, affecting versions before 1.20. The plugin lacks CSRF protection when deactivating Construction mode, so an attacker can make a logged-in admin perform that action via a CSRF attack. Connected sources confirm affected software (WordPr...
CVE-2013-2699
The CVE-2013-2699 entry concerns the WordPress underConstruction plugin (versions before 1.09). The vulnerability is a CSRF flaw that allows an attacker to hijack administrator authentication to deactivate the plugin via unspecified vectors, potentially disabling protection for the site. Affected...