Search criteria
3 vulnerabilities by freehtmldesigns
CVE-2023-49190 (GCVE-0-2023-49190)
Vulnerability from cvelistv5 – Published: 2023-12-15 15:10 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Site Offline Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.
Severity
5.9 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/sit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chandra Shekhar Sahu | Site Offline Or Coming Soon Or Maintenance Mode |
Affected:
n/a , ≤ 1.5.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/site-offline/wordpress-site-offline-or-coming-soon-or-maintenance-mode-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "site-offline",
"product": "Site Offline Or Coming Soon Or Maintenance Mode",
"vendor": "Chandra Shekhar Sahu",
"versions": [
{
"lessThanOrEqual": "1.5.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "emad (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.\u003cp\u003eThis issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Chandra Shekhar Sahu Site Offline Or Coming Soon Or Maintenance Mode allows Stored XSS.This issue affects Site Offline Or Coming Soon Or Maintenance Mode: from n/a through 1.5.6."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:56.635Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/site-offline/wordpress-site-offline-or-coming-soon-or-maintenance-mode-plugin-1-5-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Site Offline Plugin \u003c= 1.5.6 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49190",
"datePublished": "2023-12-15T15:10:56.818Z",
"dateReserved": "2023-11-22T23:36:56.848Z",
"dateUpdated": "2026-04-28T16:08:56.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1580 (GCVE-0-2022-1580)
Vulnerability from cvelistv5 – Published: 2022-09-19 14:00 – Updated: 2024-08-03 00:10
VLAI
Title
Site Offline < 1.5.3 - Access Bypass
Summary
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.
Severity
No CVSS data available.
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/7b6f91cd-5a00-49… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Site Offline Or Coming Soon Or Maintenance Mode |
Affected:
1.5.3 , < 1.5.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Site Offline Or Coming Soon Or Maintenance Mode",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.5.3",
"status": "affected",
"version": "1.5.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL\u0027s query string would bypass the plugin\u0027s main feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-19T14:00:46.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Site Offline \u003c 1.5.3 - Access Bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1580",
"STATE": "PUBLIC",
"TITLE": "Site Offline \u003c 1.5.3 - Access Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Site Offline Or Coming Soon Or Maintenance Mode",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.5.3",
"version_value": "1.5.3"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL\u0027s query string would bypass the plugin\u0027s main feature."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1580",
"datePublished": "2022-09-19T14:00:47.000Z",
"dateReserved": "2022-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:10:03.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35773 (GCVE-0-2020-35773)
Vulnerability from cvelistv5 – Published: 2020-12-29 17:46 – Updated: 2024-08-04 17:09
VLAI
Summary
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://plugins.trac.wordpress.org/changeset/2445009/ | x_refsource_MISC |
| https://developer.wordpress.org/reference/functio… | x_refsource_MISC |
| https://developer.wordpress.org/reference/functio… | x_refsource_MISC |
| https://wordpress.org/plugins/site-offline/#developers | x_refsource_MISC |
| https://advisory.checkmarx.net/advisory/CX-2020-4292 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2445009/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.wordpress.org/reference/functions/wp_create_nonce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.wordpress.org/reference/functions/wp_verify_nonce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/site-offline/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-31T20:05:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://plugins.trac.wordpress.org/changeset/2445009/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.wordpress.org/reference/functions/wp_create_nonce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.wordpress.org/reference/functions/wp_verify_nonce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/site-offline/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://plugins.trac.wordpress.org/changeset/2445009/",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/2445009/"
},
{
"name": "https://developer.wordpress.org/reference/functions/wp_create_nonce/",
"refsource": "MISC",
"url": "https://developer.wordpress.org/reference/functions/wp_create_nonce/"
},
{
"name": "https://developer.wordpress.org/reference/functions/wp_verify_nonce/",
"refsource": "MISC",
"url": "https://developer.wordpress.org/reference/functions/wp_verify_nonce/"
},
{
"name": "https://wordpress.org/plugins/site-offline/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/site-offline/#developers"
},
{
"name": "https://advisory.checkmarx.net/advisory/CX-2020-4292",
"refsource": "MISC",
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35773",
"datePublished": "2020-12-29T17:46:23.000Z",
"dateReserved": "2020-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:09:15.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}