3 matches found
CVE-2022-0199
CVE-2022-0199 concerns the WordPress plugin Coming soon and Maintenance mode (pre-3.6.8). The vulnerability is a CSRF flaw in the coming_soon_send_mail AJAX action, which allows a logged-in admin to cause the site to send arbitrary emails to all subscribed users. Affected versions are prior to 3....
CVE-2022-0164
CVE-2022-0164 affects the WordPress plugin Coming soon and Maintenance mode. The vulnerability stems from missing authorization and CSRF checks in the coming_soon_send_mail AJAX action, enabling any authenticated user with a role as low as subscriber to send arbitrary emails to all subscribed use...
CVE-2021-24577
CVE-2021-24577 affects the WordPress Coming Soon and Maintenance Mode plugin prior to version 3.5.3. The vulnerability is an authenticated stored XSS caused by improper input sanitization when setting/adding/modifying coming soon or maintenance mode pages. Impact is client-side JavaScript executi...