IgniteUp < 3.4.1 - Multiple Issues



Description
All issues can be triggered by unauthenticated users:

- Arbitrary File Deletion
- HTML injection & CSRF in email messages
- Stored Cross-Site Scripting
- Disclosure of subscribers' email addresses
- Arbitrary subscriber deletion
- Arbitrary switching of the plugin’s template

Affects Plugin

References

CVE-2019-17234
CVE-2019-17235
CVE-2019-17236
CVE-2019-17237
URL https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-igniteup-coming-soon-and-maintenance-mode-plugin/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet
Views 4119
Verified No
WPVDB ID 9943

Timeline

Publicly Published 2019-11-10 (about 1 month ago)
Added 2019-11-10 (about 1 month ago)
Last Updated 2019-11-28 (16 days ago)
