
CVE-2025-49284: CWE-352 Cross-Site Request Forgery (CSRF) in wp-buy WP Maintenance Mode & Site Under Construction

Medium
Published: Fri Jun 06 2025 (06/06/2025, 12:53:41 UTC)
Source: CVE Database V5
Vendor/Project: wp-buy
Product: WP Maintenance Mode & Site Under Construction

Description

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3.

AI-Powered Analysis

Last updated: 07/07/2025, 22:39:57 UTC

Technical Analysis

CVE-2025-49284 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin "WP Maintenance Mode & Site Under Construction" developed by wp-buy. It affects all versions up to and including 4.3. A CSRF vulnerability lets an attacker cause an authenticated user's browser to submit a forged request to a web application in which that user is currently logged in, so that a state-changing action is performed without the user's intent. Here, the plugin's request handling lacks proper anti-CSRF protection (a nonce or equivalent validation), so an administrator who is lured to an attacker-controlled page while logged in could unknowingly trigger unauthorized state-changing operations on the affected site. The CVSS 3.1 base score is 4.3 (medium severity): the attack is performed remotely over the network (AV:N), has low attack complexity (AC:L), requires no privileges (PR:N), but does require user interaction (UI:R). The impact is limited to integrity (I:L), with no confidentiality (C:N) or availability (A:N) impact. No exploits are currently known in the wild, and no official patch has been linked yet. The issue is classified under CWE-352, the standard classification for CSRF. The plugin is commonly used to put WordPress sites into maintenance or construction mode, temporarily restricting access or displaying custom messages during site updates or development.
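The following is an added illustration, not code from the wp-buy plugin: a hypothetical maintenance-mode settings handler first in the unprotected shape the CWE-352 finding describes, then hardened with WordPress's standard capability check and nonce verification. All option names, action names and nonce names here are invented for the example.

```php
<?php
// Hypothetical illustration only (not the plugin's actual code). Option keys,
// action hooks and nonce names are made up for the example.

// --- Unprotected pattern: any POST carrying the expected fields is honoured.
// A logged-in administrator's browser can be made to send this request from
// another origin, so the option changes without the admin's intent (CWE-352).
add_action( 'admin_post_maint_save_unprotected', function () {
    $enabled = isset( $_POST['maintenance_enabled'] ) ? 1 : 0;
    update_option( 'maint_mode_enabled', $enabled ); // state change, no proof of intent
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
} );

// --- Hardened pattern: capability check plus nonce verification.
// The nonce is a per-user, time-limited token rendered only into the legitimate
// form; a cross-origin page cannot read it, so a forged request stops at
// check_admin_referer(), which dies with a 403 on a missing or invalid nonce.
add_action( 'admin_post_maint_save', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    check_admin_referer( 'maint_save_action', 'maint_nonce' );

    $enabled = isset( $_POST['maintenance_enabled'] ) ? 1 : 0;
    $message = sanitize_text_field( wp_unslash( $_POST['maintenance_message'] ?? '' ) );
    update_option( 'maint_mode_enabled', $enabled );
    update_option( 'maint_mode_message', $message );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php' ) ) );
    exit;
} );

// The legitimate settings form must emit the matching nonce field so that
// check_admin_referer() above has something to verify.
function maint_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="maint_save">
        <?php wp_nonce_field( 'maint_save_action', 'maint_nonce' ); ?>
        <label>
            <input type="checkbox" name="maintenance_enabled" value="1"
                <?php checked( get_option( 'maint_mode_enabled', 0 ), 1 ); ?>>
            Enable maintenance mode
        </label>
        <input type="text" name="maintenance_message"
            value="<?php echo esc_attr( get_option( 'maint_mode_message', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

When auditing a plugin for this class of bug, look for every handler that calls update_option() or otherwise changes state and confirm a check_admin_referer()/wp_verify_nonce() call guards it, since the capability check alone does not distinguish a forged request from a legitimate one.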

Potential Impact

For European organizations running WordPress sites with the WP Maintenance Mode & Site Under Construction plugin, this vulnerability could allow attackers to make unauthorized changes to site settings or maintenance-mode configuration by tricking authenticated administrators, or other users with sufficient privileges, into submitting forged requests. Confidentiality and availability are not directly affected, but the integrity of the site configuration can be compromised, which could lead to unintended site behaviour, such as maintenance mode being switched on or off or a live site being exposed during a maintenance window. The consequences could include reputational damage, disruption of planned maintenance activities, or unintended exposure of the site to visitors. Organizations that rely on this plugin for critical maintenance workflows may experience operational disruption. Given the medium severity and the requirement for user interaction, the risk is moderate but should not be ignored, particularly where multiple administrators or privileged users access the WordPress backend.

Mitigation Recommendations

European organizations should promptly audit their WordPress installations to identify use of the WP Maintenance Mode & Site Under Construction plugin, particularly versions up to and including 4.3. Until an official patch is released, administrators should consider the following mitigations:

1) Restrict administrative access to trusted networks or VPNs to reduce exposure to CSRF attacks.
2) Implement strict Content Security Policy (CSP) headers to limit the ability of injected scripts on the site itself to trigger CSRF requests. Note that CSP on the target site does not stop a forged form submission originating from an attacker-controlled page, so it is a defence-in-depth measure, not a fix.
3) Educate administrators and privileged users to avoid clicking suspicious links or visiting untrusted websites while logged into the WordPress admin panel.
4) Employ a Web Application Firewall (WAF) with custom rules to detect and block suspicious POST requests to the plugin's handlers, for example state-changing admin requests whose Origin or Referer header does not match the site.
5) Monitor logs for unusual administrative actions or changes to maintenance-mode settings.
6) Consider temporarily disabling the plugin during critical periods or until a patch is available.
7) Follow vendor communications closely for patch releases and apply updates promptly once available.


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-06-04T09:41:43.867Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6842ede071f4d251b5c880fc

Added to database: 6/6/2025, 1:32:16 PM

Last enriched: 7/7/2025, 10:39:57 PM

Last updated: 8/5/2025, 10:30:39 AM
