← Back

Maintenance

maintenance

Vendor: Webfactoryltd • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-24533
1Webfactoryltd
1Maintenance
Nov 21, 2024
Aug 23, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capabil...Show more
The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontendShow less