CVE-2021-24577

Published: Oct 11, 2021Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not properly sanitize inputs submitted by authenticated users when setting adding or modifying coming soon or maintenance mode pages, leading to stored XSS.

Affected (1)

Products: Wpdevart: Coming Soon And Maintenance Mode

Wpdevart

1 product

Coming Soon And Maintenance Mode

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpdevart Coming Soon And Maintenance Mode	Before 3.5.3

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://wpscan.com/vulnerability/d453b547-41a8-4a6b-8349-8686b7054805

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/d453b547-41a8-4a6b-8349-8686b7054805

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.