3 matches found
CVE-2021-36828
CVE-2021-36828 affects the WordPress WP Maintenance plugin, with an authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to 6.0.7. The issue involves multiple inputs not being properly sanitized, enabling XSS by privileged users. Several sources (NVD/NIST, CVE rec...
CVE-2019-19979
The CVE concerns the WordPress WP Maintenance plugin prior to version 5.0.6. A CSRF vulnerability allowed attackers to enable the plugin’s maintenance mode and inject malicious code affecting site visitors, enabling a stored XSS path when maintenance settings were manipulated. Root cause cited ac...
CVE-2022-30536
CVE-2022-30536 affects WordPress WP Maintenance plugin = 6.0.8 (or later) per Patchstack guidance.