The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.
View the template here CVE-2023-1263.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-1263