| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: Jul 01, 2025, 04:07:27 | Entries count: 3 | |||
|
vulnerable
|
Jun 06, 2024, 21:06:27 |
Min -
Max 1.2.0
|
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | |
|
vulnerable
|
Jun 06, 2024, 21:06:27 |
Min -
Max 1.4.0
|
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | |
|
vulnerable
|
Jun 06, 2024, 21:06:27 |
Min -
Max 1.4.0
|
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be auto triggered ... | |