Maintenance Mode
by Helderk
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9429 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2019 | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | ||
| CVE-2025-10638 | Med | 0.34 | 5.3 | 0.00 | Oct 22, 2025 | The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address | ||
| CVE-2024-1478 | Med | 0.34 | 5.3 | 0.01 | Mar 5, 2024 | The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content… | ||
| CVE-2024-32708 | Low | 0.24 | 3.7 | 0.00 | May 17, 2024 | Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1. |
- risk 0.42cvss 6.5epss 0.01
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
- risk 0.34cvss 5.3epss 0.00
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address
- risk 0.34cvss 5.3epss 0.01
The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content…
- risk 0.24cvss 3.7epss 0.00
Authentication Bypass by Spoofing vulnerability in helderk Maintenance Mode allows Functionality Bypass.This issue affects Maintenance Mode: from n/a through 3.0.1.