CVE-2024-51645 identifies a security vulnerability in the ThemeFuse Maintenance Mode plugin for WordPress, specifically versions up to and including 1.1.3. The vulnerability is a Cross-Site Request Forgery (CSRF) that enables an attacker to perform unauthorized state-changing actions on the plugin's configuration interface. Because the plugin lacks proper CSRF protections (such as nonce verification), an attacker can trick an authenticated administrator into submitting crafted requests that modify plugin settings. This unauthorized modification can lead to Stored Cross-Site Scripting (XSS), where malicious JavaScript code is persistently stored within the plugin's data and executed in the context of users visiting the affected site or administrators managing it. Stored XSS can be leveraged to steal cookies, hijack sessions, perform actions on behalf of users, or deliver further malware. The vulnerability affects all versions up to 1.1.3, with no patch currently available or linked. While no known exploits are in the wild, the combination of CSRF and stored XSS significantly increases the attack surface and risk. The plugin is commonly used to display maintenance mode pages on WordPress sites, meaning many websites relying on this plugin for downtime or maintenance notifications could be at risk. The attack requires the victim to be an authenticated administrator or user with sufficient privileges to modify plugin settings, but does not require additional user interaction beyond visiting a malicious page. The lack of a CVSS score necessitates a severity assessment based on impact and exploitability factors.

The impact of CVE-2024-51645 is considerable for organizations using the ThemeFuse Maintenance Mode plugin. Successful exploitation allows attackers to inject persistent malicious scripts into the site, potentially compromising the confidentiality of user data through session hijacking or cookie theft. Integrity is affected as attackers can alter plugin settings and site behavior without authorization. Availability could be impacted if injected scripts disrupt site functionality or redirect users to malicious sites. Since the vulnerability requires an authenticated administrator, the risk is higher in environments with weak administrative access controls or where phishing/social engineering can be used to lure admins to malicious sites. The stored XSS can also be used to escalate attacks, including privilege escalation or lateral movement within the site. Organizations relying on this plugin for critical maintenance notifications may face reputational damage and user trust loss if exploited. The absence of known public exploits reduces immediate risk but does not eliminate it, as attackers could develop exploits once details are public. The vulnerability's presence in a widely used WordPress plugin means a broad range of small to medium businesses, blogs, and enterprise sites could be affected globally.

To mitigate CVE-2024-51645, organizations should immediately verify if their WordPress installations use the ThemeFuse Maintenance Mode plugin at or below version 1.1.3. Until an official patch is released, administrators should consider disabling or uninstalling the plugin to eliminate exposure. Restrict administrative access strictly using strong authentication methods such as multi-factor authentication (MFA) to reduce the risk of compromised credentials. Implement Content Security Policy (CSP) headers to limit the impact of any injected scripts. Monitor web server and application logs for unusual POST requests targeting the plugin's configuration endpoints. Educate administrators about the risks of visiting untrusted websites while logged into WordPress admin panels to reduce CSRF attack vectors. Once a patch is available, apply it promptly. Additionally, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting the plugin. Regularly audit plugin usage and update all WordPress components to minimize vulnerabilities.