Headline
CVE-2021-36829: WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11 at WordPress.
Verified
Not fixed
4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon
Software
Launcher: Coming Soon & Maintenance Mode
Vulnerable versions
<= 1.0.11
PSID
c11cf9145f3e
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-08-25
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Launcher: Coming Soon & Maintenance Mode plugin (versions <= 1.0.11).
Solution
No patched version is available. Ignored by the vendor.
References