CVE-2022-1580
Published 2022-09-19
Priority P4 · 25 · medium · 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.30% (66.8th percentile)
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freehtmldesigns | site_offline | < 1.5.3 | 1.5.3 |
No detection rules found.
Nuclei
Site Offline WP Plugin < 1.5.3 - Authorization Bypass
nuclei·CVSS 4.3
CVE-2022-1580 [MEDIUM] Site Offline WP Plugin < 1.5.3 - Authorization Bypass
Template:

```yaml
id: CVE-2022-1580

info:
  name: Site Offline WP Plugin < 1.5.3 - Authorization Bypass
  author: s4e-io
  severity: medium
  description: |
    The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
  impact: |
    Attackers can bypass the site offline/maintenance mode by adding specific keywords to the URL query string, gaining unauthorized access to the website.
  remediation: Fixed in 1.5.3
  reference:
    - http
```

No writeups or analysis indexed.