cvedb.io
CVE-2022-1593
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-06-27T09:15:09.273 · Last modified 2026-06-17T04:22:45.267

Summary

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack

Affected products

site_offline_or_coming_soon_project — site_offline_or_coming_soon

Does this affect you?

Add your gear to cvedb and we'll alert you only when site_offline_or_coming_soon_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.