RSS   Podatności dla
'Coming soon and maintenance mode'
   RSS

2022-02-21
 
CVE-2022-0164

CWE-863
 

 
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users

 
 
CVE-2022-0199

CWE-352
 

 
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack

 
2021-10-11
 
CVE-2021-24577

CWE-79
 

 
The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS.

 

 >>> Vendor: Wpdevart 10 Produkty
Gallery
Booking calendar
Responsive image gallery gallery album
Poll\, survey\, questionnaire and voting system
Youtube embed\, playlist and popup
Countdown and countup\, woocommerce sales timer
Coming soon and maintenance mode
Duplicate page or post
Pricing table builder
Social comments


Copyright 2024, cxsecurity.com

 

Back to Top