ThreatPress

WordPress Vulnerabilities Database

WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability

Product
Minimal Coming Soon & Maintenance Mode – Coming Soon Page
Description
A CSRF to Stored XSS and Setting Changes vulnerability was found by Chloe Chamberland in the WordPress Minimal Coming Soon & Maintenance Mode plugin (versions <= 2.10).
Solution
Update the WordPress Minimal Coming Soon & Maintenance Mode plugin to the latest available version (at least 2.15).
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name: CVE-2020-6167
Versions
Affected In: <= 2.10
Fixed In: 2.15
Disclosure date
2020-01-08
Credits
Chloe Chamberland
Submitter
ThreatPress