Wpdevart: >> Coming Soon And Maintenance Mode >> 3.5.5 Security Vulnerabilities
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its coming_soon_send_mail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack
CVSS Score
4.3
EPSS Score
0.001
Published
2022-02-21