WordPress plugin WP Maintenance before 5.0.6 Cross-Site Request Forgery (CSRF) Vulnerability

Summary

Cross-Site Request Forgery to Stored Cross-Site Scripting.

Credit:

The information has been provided by Chloe Chamberland.

The original article can be found at: https://wpvulndb.com/vulnerabilities/9954


Details

A flaw in the WordPress plugin WP Maintenance before 5.0.6 allowed attackers to enable a vulnerable site’s maintenance mode and inject malicious code affecting site visitors. The issue is a CSRF with resultant stored XSS.
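The following is an added example, not code from WP Maintenance or from the original advisory. It shows the controls a WordPress settings handler needs against this bug class: a capability check, a nonce check, sanitization on save and filtering on output. The `demo_maint_*` function, option, action and field names are hypothetical.

```php
<?php
// Hypothetical plugin code: all demo_maint_* names are illustrative assumptions.

// Admin form: the nonce field binds the submission to the logged-in user's session.
function demo_maint_render_form() {
    $opts = get_option( 'demo_maint_settings', array( 'enabled' => 0, 'message' => '' ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_maint_save">
        <?php wp_nonce_field( 'demo_maint_save', 'demo_maint_nonce' ); ?>
        <label>
            <input type="checkbox" name="enabled" value="1" <?php checked( $opts['enabled'], 1 ); ?>>
            Enable maintenance mode
        </label>
        <textarea name="message"><?php echo esc_textarea( $opts['message'] ); ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler, reached through admin-post.php for logged-in users only.
add_action( 'admin_post_demo_maint_save', 'demo_maint_save' );
function demo_maint_save() {
    // 1. Authorization: only administrators may change site-wide settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: dies unless the request carries a valid nonce for this action.
    check_admin_referer( 'demo_maint_save', 'demo_maint_nonce' );

    // 3. Sanitize on save: keep only the HTML allowed in post content.
    $message = isset( $_POST['message'] ) ? wp_kses_post( wp_unslash( $_POST['message'] ) ) : '';
    update_option( 'demo_maint_settings', array(
        'enabled' => empty( $_POST['enabled'] ) ? 0 : 1,
        'message' => $message,
    ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=demo-maint&updated=1' ) );
    exit;
}

// Visitor-facing output: filter again so a tampered stored value cannot run script.
function demo_maint_render_notice() {
    $opts = get_option( 'demo_maint_settings', array( 'enabled' => 0, 'message' => '' ) );
    if ( ! empty( $opts['enabled'] ) ) {
        echo '<div class="maintenance-notice">' . wp_kses_post( $opts['message'] ) . '</div>';
    }
}
```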

Vulnerable Systems:

WordPress plugin WP Maintenance before 5.0.6

CVE Information:

CVE-2019-19979

Disclosure Timeline:

Published Date: 12/25/2019
