WordPress Under Construction / Maintenance Mode from Acurax Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-39926

7.1HIGH

Key Information:

Vendor: WordPress
Status: Under Construction / Maintenance Mode From Acurax
Vendor: CVE Published:; 16 November 2023

What is CVE-2023-39926?

The Acurax Under Construction / Maintenance Mode Plugin version 2.6 and earlier are susceptible to a stored cross-site scripting vulnerability. This issue allows attackers to inject malicious scripts, which can be executed in the context of a user's browser. If exploited, this vulnerability may lead to unauthorized access to sensitive information and manipulation of web page content, potentially compromising the security of the affected website. Site operators are urged to update the plugin immediately to mitigate any associated risks.

Affected Version(s)

Under Construction / Maintenance Mode from Acurax <= 2.6

References

https://patchstack.com/database/vulnerability/coming-soon...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Aug 7, 2023

Credit

Robert DeVore (Patchstack Alliance)