Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Red Team) in WordPress YITH Maintenance Mode plugin (versions <= 1.3.7). Vulnerable parameter: &yith_maintenance_newsletter_submit_label.
Update the WordPress YITH Maintenance Mode plugin to the latest available version (at least 1.3.8).
CPE | Name | Operator | Version |
---|---|---|---|
yith maintenance mode | le | 1.3.7 |