VYPR

Curtain

by WordPress

Source repositories

CVEs (2)

  • CVE-2022-1558MedMay 23, 2022
    risk 0.31cvss 4.8epss 0.01

    The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

  • CVE-2022-50955MedMay 10, 2026
    risk 0.28cvss 4.3epss 0.00

    WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the…