WordPress plugin WP Maintenance before 5.0.6 Cross-Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting.
The information has been provided by Chloe Chamberland
The original article can be found at:https://wpvulndb.com/vulnerabilities/9954
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site’s maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
WordPress plugin WP Maintenance before 5.0.6