Site Offline WP Plugin < 1.5.3 - Authorization Bypass

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature. id: CVE-2022-1580 info: name: Site Offline WP Plugin 1.5.3 - Authorization Bypass author: s4e-io...

EUVD-2020-23429

Malware in sbrugna...

CVE-2025-48348 WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability

Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline site-offline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Offline: from n/a through = 1.5.7...

WordPress plugin Site Offline 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Site Offline versions = 1.5.7...

CVE-2020-35773

The site-offline plugin before 1.4.4 for WordPress lacks certain wpcreatenonce and wpverifynonce calls, aka CSRF...

CVE-2023-49190 WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6...

WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)

Software Site Offline Type Plugin Vulnerable versions = 1.5.6 Fixed in 1.5.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49190 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 49fa69649ba8 Credits emad Required privilege Administrator...

WordPress plugin Site Offline 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...

CVE-2022-1593

The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads ...

WordPress plugin Site Offline or Coming Soon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Site Offline or Coming Soon plugin version 1.6.6 and earlier are vulnerable to cross-site request...

Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack "...

WordPress site-offline plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress site-offline plugin prior to...

CVE-2020-35773

The site-offline plugin before 1.4.4 for WordPress lacks certain wpcreatenonce and wpverifynonce calls, aka CSRF...

Cross site request forgery (csrf)

The site-offline plugin before 1.4.4 for WordPress lacks certain wpcreatenonce and wpverifynonce calls, aka CSRF...

CVE-2020-35773

The site-offline plugin before 1.4.4 for WordPress lacks certain wpcreatenonce and wpverifynonce calls, aka CSRF...

CVE-2020-35773

CVE-2020-35773 concerns the WordPress Site Offline plugin prior to 1.4.4, which lacks several nonce checks (wp_create_nonce/wp_verify_nonce), enabling cross‑site request forgery (CSRF). The documented impact states that a logged‑in administrator could be coerced into changing plugin settings via ...

WordPress Site Offline plugin <= 1.4.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities found in WordPress Site Offline plugin versions = 1.4.2. Solution Update the WordPress Site Offline plugin to the latest available version at least 1.4.4...