WordPress Plugin Vulnerabilities

Site Offline < 1.5.3 - Access Bypass

Description

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.

Proof of Concept

Affects Plugins

Plugin icon
site-offline
Fixed in 1.5.3

References

CVE
CVE-2022-1580

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
7b6f91cd-5a00-49ca-93ff-db7220d2630a

Timeline

Publicly Published
2022-08-29 (about 3 years ago)
Added
2022-08-29 (about 3 years ago)
Last Updated
2022-08-29 (about 3 years ago)

Other

Published
Title
Published
2022-12-12
Title
WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API
Published
2015-06-10
Title
Paypal Currencucy Converter Basic For Woocommerce <= 1.3 - File Read
Published
2016-07-06
Title
WP Maintenance Mode <= 2.0.6 - Subscriber Information Disclosure
Published
2016-02-04
Title
User Meta Manager <= 3.4.6 - Privilege Escalation
Published
2025-10-14
Title
WP Headless CMS Framework <= 1.15 - Unauthenticated Protection Mechanism Bypass