Headline

CVE-2021-36828: WP Maintenance

Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance (WordPress plugin) <= 6.0.4 affects multiple inputs.

2 years ago

CVE

Open in Source

#xss #web #google #git

Details
Reviews
Installation
Support
Development

The WP Maintenance plugin allows you to put your website on the waiting time for you to do maintenance or launch your website. Personalize this page, pictures and countdown with:

Features

Choice texts colors and fonts
Upload logo picture
Upload background picture or pattern
Slider
Countdown
Google Analytics ready
Social Networks ready
Customize CSS
Insert for shorcode (Newletter or Contact form)
Enable “503 Service temporarily unavailable”
Choose access by Roles and Capabilities
Choose access by IP address
Choose access by ID Pages

wp-maintenance.pot file available

Upload the full directory into your ‘/wp-content/plugins’ directory
Activate the plugin at the plugin administration page

You will find ‘WP Maintenance’ menu in your WordPress admin panel

WP Maintenance Needs Your Support

It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using WP Maintenance and find it useful, please consider making a donation. Your donation will help encourage and support the plugin’s continued development and better user support.

I have activated plugin and don’t see any changes, looks like plugin is not working.

This is normal because you are logged in as an administrator. Try a different browser or use the preview link. If you have registered as a wordpress user, you see the site in normal mode.

I have disabled plugin but I don’t see any changes, I have always the maintenance page, looks like plugin is not working.

You have a cache plugin ? Try to purge it and try again.

Where can I find out the login page to get to the site?

You can use your administrator access or create new user in wordpress dashboard
https://yousite.com/wp-admin/

Can I change the plugin code?

Yes. Thank you for submitting your changes to update the plugin.

Translations

You can translate WP Maintenance on translate.wordpress.org.

très bon plugin, seul bémol il ne fonctionne pas sur les mobiles, impossible de l’activer sur les mobiles

Propre, efficace, maintenue, gratuite, que demander de + ? Merci au dev !

Efficace et pratique. Merci à l’Auteur

Je pensais avoir trouvé un super widget avec celle-ci, mais elle réagit vraiment bizarrement au point ou parfois on perd du temps pour savoir si des choses marchent. La page rs notamment. On dit que l’on peut mettre ses propres images rs. Cela ne marche pas… et je ne sais pas pourquoi… d’autant que l’appli semble vous aider en ajoutant l’url du dossier de destination. Mais quand vous complétez le chemin et enregistrez… ben il commence forcement l’enregistrement par https… parmi les icônes proposées une série fonctionne pas… tout ça est bien dommage. Enfin si l’auteur peut déjà “clarifier” et comment on met ses propres icones ce serait cool.