VYPR

Wp Maintenance

by WordPress

Source repositories

CVEs (7)

  • CVE-2025-47683HigMay 7, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection.This issue affects WP Maintenance: from n/a through <= 6.1.9.7.

  • CVE-2024-0789MedJun 19, 2024
    risk 0.34cvss 5.3epss 0.00

    The WP Maintenance plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.1.9.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for…

  • CVE-2024-1472MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API.

  • CVE-2023-47769LowJun 4, 2024
    risk 0.24cvss 3.7epss 0.00

    Authentication Bypass by Spoofing vulnerability in WP Maintenance allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Maintenance: from n/a through 6.1.3.

  • CVE-2022-30536Jul 21, 2022
    risk 0.00cvss epss 0.01

    Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP Maintenance plugin <= 6.0.7 at WordPress.

  • CVE-2021-36828Apr 15, 2022
    risk 0.00cvss epss 0.01

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions.

  • CVE-2019-19979Dec 26, 2019
    risk 0.00cvss epss 0.01

    A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.