.. / CVE-2022-1580

Exploit for Site Offline WP Plugin < 1.5.3 - Authorization Bypass (CVE-2022-1580)

Description:

The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL’s query string would bypass the plugin’s main feature.

Nuclei Template

View the template here CVE-2022-1580.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-1580.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-1580
https://wpscan.com/vulnerability/7b6f91cd-5a00-49ca-93ff-db7220d2630a/

.. / CVE-2022-1580 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Site Offline WP Plugin < 1.5.3 - Authorization Bypass (CVE-2022-1580)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-1580