CVE-2021-24577

Severity
5.4 MEDIUM
EPSS
0.4%
top 41.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 11
Latest update: May 24

Description

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting, adding or modifying coming soon or maintenance mode pages, leading to stored XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-32hf-ffvm-wx32: The Coming soon and Maintenance mode WordPress plugin before 3
CVEList (2021-10-11)
Coming Soon and Maintenance Mode < 3.5.3 - Authenticated Stored XSS
CVE-2021-24577 (MEDIUM CVSS 5.4) | The Coming soon and Maintenance mod | cvebase.io