CVE-2022-1580

MEDIUM NUCLEI

Site Offline WordPress plugin < 1.5.3 - Authorization Bypass via URL Query

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-1580. PoCs published by halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository provides a technical description and PoC for CVE-2022-1580, an authorization bypass vulnerability in the 'Site Offline Or Coming Soon Or Maintenance Mode' WordPress plugin. The PoC demonstrates how adding specific keywords to the URL bypasses the plugin's intended functionality.

Description

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.

Exploits (1)

github WRITEUP 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2022/CVE-2022-1580.md

View Code ZIP pw:eip

The repository provides a technical description and PoC for CVE-2022-1580, an authorization bypass vulnerability in the 'Site Offline Or Coming Soon Or Maintenance Mode' WordPress plugin. The PoC demonstrates how adding specific keywords to the URL bypasses the plugin's intended functionality.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3

No auth needed

Prerequisites: WordPress site with vulnerable plugin installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

Site Offline WP Plugin < 1.5.3 - Authorization Bypass

MEDIUMVERIFIEDby s4e-io

Shodan: http.html:/wp-content/plugins/site-offline/

FOFA: body=/wp-content/plugins/site-offline/

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a

Scores

CVSS v3 4.3

EPSS 0.0129

EPSS Percentile 66.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-639

Status published

Products (1)

freehtmldesigns/site_offline < 1.5.3

Published Sep 19, 2022

Tracked Since Feb 18, 2026