VYPR

Maintenance Mode

by WordPress

CVEs (4)

  • CVE-2024-1478MedMar 5, 2024
    risk 0.35cvss 5.3epss 0.01

    The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.1 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content…

  • CVE-2025-10638MedOct 22, 2025
    risk 0.34cvss 5.3epss 0.00

    The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks authorization in its subscriber export function allowing unauthenticated attackers to download a list of a site's subscribers containing their name and email address

  • CVE-2021-36845Sep 27, 2021
    risk 0.00cvss epss 0.01

    Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 -…

  • CVE-2021-36841Sep 27, 2021
    risk 0.00cvss epss 0.01

    Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration.