WordPress Plugin Vulnerabilities

Site Offline < 1.5.3 - Access Bypass

Description

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.

Proof of Concept

https://example.com/?admin

Affects Plugins

site-offline

Fixed in version 1.5.3

References

CVE

CVE-2022-1580

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

7b6f91cd-5a00-49ca-93ff-db7220d2630a

Timeline

Publicly Published

2022-08-29 (about 6 months ago)

Added

2022-08-29 (about 6 months ago)

Last Updated

2022-08-29 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin