Unrated severityNVD Advisory· Published Jun 27, 2022· Updated Aug 3, 2024
Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
CVE-2022-1593
Description
The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Site Offline or Coming Soondescription
- Range: <=1.6.6
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/67678666-402b-4010-ac56-7067a0f40185mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.