Vulnerabilities > Yithemes > Yith Maintenance Mode
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-36841 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. | 3.5 |
| 2021-09-27 | CVE-2021-36845 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. | 3.5 |
| 2019-09-26 | CVE-2015-9429 | Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 4.3 |