CVE-2022-1580: 
WordPress vulnerability analysis and mitigation

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin (version < 1.5.3) contains a security vulnerability identified as CVE-2022-1580. The vulnerability was discovered by Daniel Ruf and was publicly disclosed on August 29, 2022. This security issue affects the plugin's main functionality of preventing user access to websites (WPScan).

The vulnerability exists in the plugin's access control mechanism. The plugin is designed to prevent users from accessing a website, but this protection can be bypassed by adding specific keywords to the URL's query string. A proof of concept demonstrates that adding '?admin' to the URL (e.g., https://example.com/?admin) would successfully bypass the plugin's protection mechanism (WPScan).

When exploited, this vulnerability allows unauthorized users to bypass the website's maintenance or offline mode, potentially accessing content that should be restricted. This effectively negates the primary purpose of the plugin, which is to limit website access during maintenance or development phases (WPScan).

The vulnerability has been fixed in version 1.5.3 of the Site Offline plugin. Website administrators are advised to update to this version or later to prevent unauthorized access to their websites (WPScan).