Reflected Cross-Site Scripting in Smart Maintenance Mode Plugin for WordPress
CVE-2025-1490

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 26 March 2025

What is CVE-2025-1490?

The Smart Maintenance Mode plugin for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) because user input in the 'setstatus' parameter is insufficiently sanitized. The flaw affects all versions up to and including 1.5.2. An unauthenticated attacker can exploit it by crafting a malicious link that, when clicked, executes arbitrary web scripts in the user's browser session. This can lead to unauthorized actions and compromise of user data, which makes updating to a patched version critical.
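For sites that cannot patch immediately, access logs can be reviewed for requests that carry markup in the parameter named above. The following is an added detection example, not code from the plugin or from this database; it assumes combined-format access logs, the set of characters treated as markup is an assumption, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters or schemes that let a reflected value break out of HTML context
# (assumed set; tune to what the site legitimately sends).
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)
PARAM = "setstatus"  # parameter named in the advisory

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_setstatus(log_line):
    """Return the decoded setstatus value if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == PARAM:
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = ((n, suspicious_setstatus(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v is not None]

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Mar/2025:10:00:01 +0000] "GET /?setstatus=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Mar/2025:10:00:07 +0000] "GET /?setstatus=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 733 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Mar/2025:10:00:09 +0000] "GET /?setstatus=%253Cb%253E HTTP/1.1" 200 733 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [26/Mar/2025:10:01:00 +0000] "GET /?page=%3Cb%3E HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: setstatus={value!r}")
```

A hit only shows that markup was sent in the parameter; whether it was reflected depends on the installed plugin version.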

Affected Version(s)

Smart Maintenance Mode * <= 1.5.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof Zając