The WP Maintenance Mode & Coming Soon WordPress plugin prior to 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow malicious users to make a logged in admin perform such action via a CSRF attack
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
themeisle wp maintenance mode \\& coming soon |