yithemes yith_maintenance_mode CVE Vulnerabilities (3)

CVEs: 3 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting yithemes yith_maintenance_mode (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2021-36845 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. Vulnerable parameters: 1 - "Newsletter" tab, &yith_maintenance_newsletter_submit_label parameter: payload should start with a single quote (') symbol to break the context, i.e.: NOTIFY ME' autofocus onfocus=alert(/Visse/);// v=' - this payload will be aut [email protected] 6.9 0.71% 2021-09-27 2026-06-16
CVE-2021-36841 Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. [email protected] 6.9 0.63% 2021-09-27 2026-06-16
CVE-2015-9429 The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. [email protected] 6.5 0.87% 2019-09-25 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence