Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
CVE-2022-1593

6.1 MEDIUM

Key Information:

Vendor:
WordPress
CVE Published:
27 June 2022

What is CVE-2022-1593?

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have a CSRF check in place when updating its settings, and it also lacks sanitisation and escaping for some of them. As a result, attackers could make a logged-in admin change the settings and store Cross-Site Scripting payloads in them via a CSRF attack.

Affected Version(s)

Site Offline or Coming Soon 1.6.6

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Ruf