CVE-2022-1576

Summary

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Affected Software

VendorProductVersion RangeStatus
UnknownWP Maintenance Mode & Coming Soon2.0.4 < 2.0.4*affected
UnknownWP Maintenance Mode & Coming Soon2.4.5 < 2.4.5affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References