cleantalk
Vulnerabilities and Security Researches

Maintenance, CVE-2021-24533

CVE, Research URL

CVE-2021-24533

Home page URL

Security reports for Maintenance

Application

Maintenance

Published on
Aug 23, 2021
Research Description
The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend
Affected versions
Min -, max 4.03.
Status
vulnerable
Previous vulnerability researches
WooCommerce Maintenance Mode (Free) (CVE-2024-49651) , Oct 25, 2024
Maintenance Notice (CVE-2025-28859) , Mar 13, 2025
Smart Maintenance & Countdown (CVE-2025-27332) , Feb 26, 2025
Maintenance & Coming Soon Redirect Animation (CVE-2024-9503) , Dec 21, 2024
Maintenance & Coming Soon Redirect Animation (CVE-2024-43944) , Aug 29, 2024
New vulnerability
Site Search 360 (CVE-2025-39530) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39589) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39590) , Apr 17, 2025
Basic Interactive World Map (CVE-2025-39517) , Apr 17, 2025
Dynamic Post (CVE-2025-39522) , Apr 17, 2025