Smart Maintenance Mode, CVE-2024-12683

CVE, Research URL: CVE-2024-12683
Home page URL: Security reports for Smart Maintenance Mode
Application: Smart Maintenance Mode
Published on: Mar 26, 2025
Research Description: The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max 1.5.2.
Status: vulnerable