Skip to main content

Wp Maintenance

3 CVEs product

Monthly

CVE-2024-1472 MEDIUM PATCH This Month

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure WordPress Wp Maintenance
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-30536 MEDIUM PATCH This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Wp Maintenance
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2019-19979 HIGH POC This Week

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF Wp Maintenance
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure WordPress +1
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress Wp Maintenance
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress CSRF +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy