Patchstack | Vlad Visse (Patchstack) | PATCHSTACK:6427E657B17518448AEDAF331DF18E32
Sep 23, 2021 - 12:00 a.m.

WordPress YITH Maintenance Mode plugin <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Source: patchstack.com
Tags: wordpress, yith maintenance mode, cross-site scripting, authenticated, update

EPSS: 0.001 (percentile: 22.7%)

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities were discovered by Vlad Visse (Patchstack) in the WordPress YITH Maintenance Mode plugin (versions <= 1.3.8). In addition, fixes were made for 46 further parameters that the update from vulnerable version 1.3.7 to 1.3.8 had missed, as reported by Asif Nawaz Minhas (Patchstack Red Team).

Solution

Update the WordPress YITH Maintenance Mode plugin to the latest available version (at least 1.4.0).
