YITH Maintenance Mode, CVE-2021-36841

CVE, Research URL: CVE-2021-36841
Home page URL: Security reports for YITH Maintenance Mode
Application: YITH Maintenance Mode
Published on: Sep 27, 2021
Research Description: Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration.
Affected versions: Min -, max 1.4.0.
Status: vulnerable