CVE-2021-36841

Name of the Vulnerable Software and Affected Versions YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7

Description The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. It affects the &yith maintenance newsletter submit label parameter. This vulnerability can be exploited even when WordPress configuration disallows unfiltered HTML.

Recommendations For YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, update to a version greater than 1.3.7 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter &yith maintenance newsletter submit label to minimize the risk of exploitation.