
CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend.

• https://wpscan.com/vulnerability/174b2119-b806-4da4-a23d-c19b552c86cb
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')