CVE-2021-24577: 
WordPress vulnerability analysis and mitigation

The Coming Soon and Maintenance Mode WordPress plugin before version 3.5.3 contains a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24577. The vulnerability was publicly disclosed on September 13, 2021. The issue affects the plugin's functionality when authenticated users are setting, adding, or modifying coming soon or maintenance mode pages (WPScan).

The vulnerability stems from improper input sanitization in the plugin's settings interface. Specifically, when authenticated users interact with the Title section's form field, malicious XSS payloads can be injected and stored. The vulnerability has been assigned a CVSS score of 3.4 (low severity) and is classified under CWE-79 (Cross-Site Scripting) (WPScan).

When successfully exploited, this vulnerability allows authenticated users to inject and store malicious scripts that can execute when other users access the affected pages. This could lead to potential client-side attacks against site administrators or other users viewing the compromised pages (WPScan).

The vulnerability has been patched in version 3.5.3 of the Coming Soon and Maintenance Mode plugin. Site administrators are advised to update to this version or later to mitigate the risk (WPScan).