CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-19979 – WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-19979
A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS. Un fallo en el plugin de WordPress, WP Maintenance versiones anteriores a 5.0.6, permitió a atacantes habilitar el modo de mantenimiento de un sitio vulnerable e inyectar código malicioso que afecta a los visitantes del sitio. Se presentó un CSRF con un XSS resultante. • https://wpvulndb.com/vulnerabilities/9954 https://www.wordfence.com/blog/2019/11/high-severity-vulnerability-patched-in-wp-maintenance-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •