Vulnerabilities > Yithemes > Yith Maintenance Mode

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-36841 Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label.
network
yithemes CWE-79
3.5
2021-09-27 CVE-2021-36845 Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8.
network
yithemes CWE-79
3.5
2019-09-26 CVE-2015-9429 Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
network
yithemes CWE-352
4.3