PT-2025-44373 · WordPress · Ns Maintenance Mode For Wp
Bob Matyas · Published 2025-10-30 · Updated 2025-10-30
CVE-2025-10636
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
NS Maintenance Mode for WP WordPress plugin versions through 1.3.1
Description
The plugin does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting (XSS) attacks. This can occur even when the unfiltered_html capability is not permitted, for example, in a multisite configuration. The issue involves insufficient input validation, which could allow malicious scripts to be stored and executed within the application.
Recommendations
Update NS Maintenance Mode for WP WordPress plugin to a version later than 1.3.1.
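The class of fix the description points to (sanitize settings on save, escape them on output), shown as an added example that is not the plugin's code or its actual patch. The option, group and function names prefixed example_mm_ are hypothetical, and the file assumes it is loaded inside WordPress.

```php
<?php
// Added example. All example_mm_* names are hypothetical; requires WordPress.

// Before (the pattern the description warns about): the setting is stored
// and printed as-is, so markup saved by an administrator who lacks
// unfiltered_html (e.g. on multisite) is still rendered as HTML.
//   register_setting( 'example_mm_group', 'example_mm_message' );
//   echo get_option( 'example_mm_message' );

// After, step 1: sanitize on save, for every role.
function example_mm_sanitize_message( $value ) {
    if ( ! is_string( $value ) ) {
        return '';
    }
    // Keeps post-style markup, drops <script> and on* event attributes.
    return wp_kses_post( $value );
}

function example_mm_register_settings() {
    register_setting( 'example_mm_group', 'example_mm_message', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_mm_sanitize_message',
        'default'           => '',
    ) );
    register_setting( 'example_mm_group', 'example_mm_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field', // plain text only
        'default'           => '',
    ) );
}
add_action( 'admin_init', 'example_mm_register_settings' );

// After, step 2: escape on output, matched to the output context.
function example_mm_render_title_field() {
    printf(
        '<input type="text" name="example_mm_title" value="%s" />',
        esc_attr( get_option( 'example_mm_title', '' ) ) // attribute context
    );
}

function example_mm_render_maintenance_page() {
    // Element text context: the title is never treated as markup.
    echo '<h1>' . esc_html( get_option( 'example_mm_title', '' ) ) . '</h1>';
    // Values stored before the save-time filter existed were never
    // sanitized, so the message is filtered again when rendered.
    echo '<div class="example-mm-message">'
        . wp_kses_post( get_option( 'example_mm_message', '' ) ) . '</div>';
}
```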
Affected Products
Ns Maintenance Mode For Wp