If you are using the WP Maintenance Plugin on your site, there was posted a High Severity Vulnerability on November 19th from the WordFence Security Team. It is neccessary to update your plugin immediately.
On November 15th, 2019, our Threat Intelligence team identified a vulnerability present in WP Maintenance, a WordPress plugin with approximately 30,000+ active installs. This flaw allowed attackers to enable a vulnerable site’s maintenance mode and inject malicious code affecting site visitors. We disclosed this issue privately to the plugin’s developer who released a patch the next day.
Plugin versions of WP Maintenance up to 5.0.5 are vulnerable to attacks against this flaw. All WP Maintenance users should update to version 5.0.6 immediately.
You can read the full announcement from Wordfence on: High Severity Vulnerability Patched in WP Maintenance Plugin