CVE-2022-50955
Received Received - Intake
Cross-Site Request Forgery in Curtain WordPress Plugin

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: VulnCheck

Description
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page with curtain parameters to toggle maintenance mode without valid nonce validation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-10
Generated
2026-06-20
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2022-50955
EUVD
EUVD-2022-55976
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
leo curtain 1.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The WordPress Plugin Curtain version 1.0.2 contains a Cross-Site Request Forgery (CSRF) vulnerability. This flaw allows attackers to trick authenticated administrators into submitting forged requests that activate or deactivate the site's maintenance mode. The vulnerability exists because the plugin does not properly validate nonces, which are security tokens meant to prevent unauthorized actions. Attackers exploit this by sending malicious requests to the options-general.php page with specific parameters to toggle maintenance mode without proper authorization.

Impact Analysis

This vulnerability can impact you by allowing attackers to manipulate your website's maintenance mode settings without your consent. Specifically, attackers can force your site into maintenance mode or disable it, potentially causing disruption to your site's availability or user experience. Since the attack targets authenticated administrators, it could lead to unauthorized changes that affect site operations.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious HTTP requests targeting the options-general.php page with parameters related to the Curtain plugin's maintenance mode toggle.

Specifically, look for POST or GET requests that attempt to activate or deactivate maintenance mode without valid nonce validation.

Network or web server logs can be searched for such requests to identify potential exploitation attempts.

  • Use tools like grep or similar to search web server logs for requests to options-general.php containing 'curtain' parameters.
  • Example command to search Apache logs: grep 'options-general.php' /var/log/apache2/access.log | grep 'curtain'
  • Monitor for unexpected POST requests to options-general.php from authenticated administrator IPs that do not include valid nonce tokens.
Mitigation Strategies

The immediate mitigation step is to remove or deactivate the Curtain WordPress plugin version 1.0.2 from your site.

Since the plugin has been removed from the WordPress Plugin Directory due to this security issue, it is recommended not to use it.

Additionally, ensure that your WordPress installation and all plugins are updated to the latest versions to avoid similar vulnerabilities.

If removal is not immediately possible, restrict access to the options-general.php page to trusted administrators only and monitor for suspicious activity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50955. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart