CVE-2022-1576

Name of the Vulnerable Software and Affected Versions WP Maintenance Mode & Coming Soon WordPress plugin versions prior to 2.4.5

Description The issue is related to a lack of CSRF protection when emptying the subscribed users list. This could allow attackers to perform a CSRF attack, making a logged-in admin empty the list without their knowledge or consent.

Recommendations For versions prior to 2.4.5, update to version 2.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the subscribed users list management functionality to minimize the risk of exploitation.