CVE-2022-1593

CVE-2022-1593: Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF

Vendor Unknown
Product Site Offline or Coming Soon
Weakness CWE-79 · XSS
Published June 27, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack

Key dates

02Disclosure timeline

June 27, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE