NS Maintenance Mode for WP

3.5 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Description

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Basic Information

ID CVE-2025-10636

Source WPScan

Published Oct 30, 2025 at 06:00

Modified Oct 30, 2025 at 14:09

Affected Product

Vendor Unknown

Product NS Maintenance Mode for WP

Affected Versions Unknown NS Maintenance Mode for WP 0

CWE Classification

References

wpscan.com /vulnerability/a1ab1d82-108e-4f66-9d06-5036cde9678a/

{
    "lastseen": "",
    "description": "The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
    "published": "2025-10-30T06:00:07.969Z",
    "modified": "2025-10-30T14:09:05.103Z",
    "type": "cve",
    "title": "NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/a1ab1d82-108e-4f66-9d06-5036cde9678a/",
    "id": "CVE-2025-10636",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown NS Maintenance Mode for WP 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.5,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NS Maintenance Mode for WP",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS_CVE-2025-10636