WordPress plugin WP Maintenance before 5.0.6 Cross-Site Request Forgery (CSRF) Vulnerability


Cross-Site Request Forgery to Stored Cross-Site Scripting.


The information has been provided by Chloe Chamberland

The original article can be found at:https://wpvulndb.com/vulnerabilities/9954


A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site’s maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.


Vulnerable Systems:

WordPress plugin WP Maintenance before 5.0.6


CVE Information:



Disclosure Timeline:
Published Date:12/25/2019

Categories: News