CVE-2018-20156

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt