The yith-maintenance-mode plugin for WordPress, in versions prior to 1.2.0, has a CSRF vulnerability with resultant XSS via the panel_page parameter of wp-admin/themes.php?page=yith-maintenance-mode.
Vulnerable Product |
---|
yithemes yith maintenance mode |