CVE-2022-50955

Name of the Vulnerable Software and Affected Versions Curtain version 1.0.2

Description A cross-site request forgery (CSRF) issue allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. This occurs because the 'options-general.php' endpoint does not perform valid nonce validation for curtain parameters, enabling attackers to trick authenticated administrators into submitting forged requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.