CVE-2019-19979 HIGH

CVE-2019-19979

Vendor N/A
Product n/a
Published December 26, 2019
Last update August 5, 2024

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AC:L/AV:N/A:H/C:L/I:L/PR:N/S:C/UI:R

What the vulnerability does

01Description

A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed attackers to enable a vulnerable site's maintenance mode and inject malicious code affecting site visitors. There was CSRF with resultant XSS.

Key dates

02Disclosure timeline

December 26, 2019 CVE published
August 5, 2024 Record updated