Vulnerabilities and security researches forwp-maintenance wp-maintenance

May 09, 2025

CVE, Research URL: CVE-2025-47683
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: May 07, 2025
Research Description: Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7.
Affected versions: Min -, max -.
Status: vulnerable

Jun 21, 2024

CVE, Research URL: CVE-2024-0789
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: Jun 19, 2024
Research Description: The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass maintenance mode.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2019-19979
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: Dec 26, 2019
Research Description: A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1472
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: Feb 29, 2024
Research Description: The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-36828
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: Apr 15, 2022
Research Description: Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-30536
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: Jul 21, 2022
Research Description: Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-47769
Home page URL: Security reports for WP Maintenance
Application: WP Maintenance
Date: Jun 04, 2024
Research Description: Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.
Affected versions: Min -, max -.
Status: vulnerable