WP Maintenance Plugin 5.0.6 CSRF and XSS Vulnerability

WP Maintenance Plugin 5.0.6 CSRF and XSS Vulnerability

CVE-2019-19979 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.

Learn more about our Wordpress Pen Testing.