Coming Soon Page & Maintenance Mode, 2278ab4480bfdc887d6874792f73d7de345ba1e5

CVE, Research URL: 2278ab4480bfdc887d6874792f73d7de345ba1e5
Home page URL: Security reports for Coming Soon Page & Maintenance Mode
Application: Coming Soon Page & Maintenance Mode
Published on: Jul 16, 2019
Research Description: Coming Soon Page & Maintenance Mode [responsive-coming-soon] < 1.8.2 Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logo_width, logo_height, rcsp_logo_url, home_sec_link_txt, rcsp_headline and rcsp_description parameters in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.8.2.
Status: vulnerable