CVE-2021-24577

Name of the Vulnerable Software and Affected Versions Coming soon and Maintenance mode WordPress plugin versions prior to 3.5.3

Description The issue arises from the plugin's failure to properly sanitize inputs submitted by authenticated users when setting, adding, or modifying coming soon or maintenance mode pages. This leads to stored XSS.

Recommendations For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the page editing functionality for authenticated users until the update is applied.