Wp Maintenance Mode Coming Soon
Monthly
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.