Minimal Coming Soon & Maintenance Mode through 2.10 Cross-Site Request Forgery (CSRF) Vulnerability

Summary

A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10.

Credit:

The information has been provided by Vendor

The original article can be found at:https://wordpress.org/plugins/minimal-coming-soon-maintenance-mode/#developers


Details

Allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.

 

Vulnerable Systems:

Minimal Coming Soon & Maintenance Mode through 2.10

 

CVE Information:

CVE-2020-6167

 

Disclosure Timeline:
Published Date:1/9/2020

Categories: News