Reflected Cross-Site Scripting in Smart Maintenance Mode Plugin for WordPress
CVE-2025-1490
6.1MEDIUM
What is CVE-2025-1490?
The Smart Maintenance Mode plugin for WordPress suffers from a Reflected Cross-Site Scripting (XSS) vulnerability due to insufficient sanitization of user inputs, specifically in the āsetstatusā parameter. This flaw affects all versions up to and including 1.5.2. Unauthenticated attackers can exploit this vulnerability by crafting malicious links that, when clicked, execute arbitrary web scripts within the user's browser session. This exposure can lead to unauthorized actions and compromise user data, making it critical for users to update to a patched version.
Affected Version(s)
Smart Maintenance Mode * <= 1.5.2