EPSS
Percentile
72.8%
No nonce protection on form submissions leading to CSRF and no input/output sanitization allowing for XSS when CSRF is exploited.
plugins.trac.wordpress.org/changeset/2194668/wp-maintenance
www.wordfence.com/blog/2019/11/high-severity-vulnerability-patched-in-wp-maintenance-plugin/