18 Nov 2019

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) in WP Maintenance

One of the changelog entries for the latest version of the plugin WP Maintenance is “SECURITY UPDATE : Adding NONCE to forms”. Looking at the changes made in that version, we found that this referred to adding nonce checks to prevent cross-site request forgery (CSRF) on the plugin’s admin pages. We found that on one of those pages, the previous lack of such a check could be used to cause cross-site scripting (XSS).
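As an added illustration (not code from WP Maintenance or from this advisory), a hypothetical admin settings handler of the kind the changelog entry refers to: the first version saves a submitted value without a nonce check and prints it back unescaped, so a forged request can both change the setting and store an XSS payload; the second verifies a WordPress nonce and escapes output. The option name, form field and action name are assumptions.

```php
<?php
// Added example, not the plugin's own code. Option, field and action names are hypothetical.

// BEFORE: no nonce check and no output escaping.
// A logged-in admin who visits a third-party page can be made to submit this
// form (CSRF); the stored value is later printed raw into the page (XSS).
function example_save_settings_vulnerable() {
    if ( isset( $_POST['example_message'] ) ) {
        update_option( 'example_message', $_POST['example_message'] );
    }
    echo '<input name="example_message" value="' . get_option( 'example_message' ) . '">';
}

// AFTER: the pattern "Adding NONCE to forms" describes.
function example_render_settings_page() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input name="example_message"
               value="<?php echo esc_attr( get_option( 'example_message', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function example_save_settings_hardened() {
    if ( ! isset( $_POST['example_message'] ) ) {
        return;
    }
    // Rejects requests that do not carry a nonce tied to this action and the
    // current user; a form hosted on another site cannot obtain one.
    check_admin_referer( 'example_save_settings', 'example_nonce' );
    // Nonces are not an authorization check, so also require the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Sanitize on the way in; escape on the way out (esc_attr above).
    update_option( 'example_message', sanitize_text_field( wp_unslash( $_POST['example_message'] ) ) );
}
```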
