WordPress Plugin Vulnerabilities

YITH Maintenance Mode < 1.4.0 - Multiple Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise multiple of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
yith-maintenance-mode
Fixed in 1.4.0

References

CVE
CVE-2021-36845

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Verified
No
WPVDB ID
06baad63-58aa-45ca-a4d4-9cf3a87e2944

Timeline

Publicly Published
2021-09-23 (about 4 years ago)
Added
2021-09-27 (about 4 years ago)
Last Updated
2022-04-12 (about 4 years ago)

Other

Published
Title
Published
2016-02-10
Title
OptionTree < 2.6.0 - Authenticated Cross-Site Scripting (XSS)
Published
2024-04-10
Title
Advanced Cron Manager – debug & control < 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2021-10-14
Title
Business Manager < 1.4.6 - Admin+ Stored Cross-Site Scripting
Published
2024-02-14
Title
Action Network < 1.4.3 - Reflected Cross-Site Scripting via 'search'
Published
2021-08-02
Title
ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)