The Rocket Maintenance Mode & Coming Soon Page plugin for WordPress could be vulnerable to malicious code being stored and executed on a user’s computer when they visit a page of a WordPress website. This is only an issue if the website is a multi-site installation, or if the user has disabled a certain security feature called “unfiltered_html”. The vulnerability affects all versions of the plugin up to, and including, version 4.3.