Site Offline Or Coming Soon Or Maintenance Mode Security & Risk Analysis

wordpress.org/plugins/site-offline

Site Offline plugin manages your WordPress website in under construction or maintenance mode or coming soon or landing page.

30K active installs · v1.5.7 · PHP + · WP 4.0+ · Updated Mar 20, 2024
admin · coming-soon · coming-soon-page · coming-soon-wordpress-plugin · coming-soon-wp
56
C · Use Caution
CVEs total: 4
Unpatched: 1
Last CVE: Aug 21, 2025
Safety Verdict

Is Site Offline Or Coming Soon Or Maintenance Mode Safe to Use in 2026?

Use With Caution

Score 56/100

Site Offline Or Coming Soon Or Maintenance Mode has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs · 1 unpatched · Last CVE: Aug 21, 2025 · Updated 2yr ago
Risk Assessment

The "site-offline" plugin v1.5.7 presents a mixed security posture, with some good practices offset by significant concerns. While the plugin demonstrates strong adherence to secure coding for SQL queries and generally good output escaping, it has a substantial vulnerability history. The presence of 4 known CVEs, with one remaining unpatched, is a major red flag. The common vulnerability types (Missing Authorization, XSS, Improper Access Control, CSRF) suggest a pattern of issues related to input validation and access control, which are critical for plugin security.

The static analysis finds a single AJAX handler as the sole entry point in the attack surface, and that handler is unprotected, which is a concerning concentration of risk. The codebase contains 12 nonce checks but no capability checks, and a nonce check is not an authorization check: it does not establish that the caller is permitted to perform the action. This indicates a gap in authorization on the handler. The use of the `unserialize` function is also a significant risk. Every call found unserializes a value read from `get_option()`, and unserializing data that an attacker can influence can lead to PHP object injection and Remote Code Execution unless input is strictly validated, though the taint analysis did not reveal any immediately exploitable flows in this version.

Overall, the plugin has demonstrated a history of security weaknesses, and the current version still exposes a critical unprotected entry point. While some secure coding practices are observed, the unpatched CVE and the unprotected AJAX handler demand immediate attention and mitigation.

Key Concerns

  • Unpatched High Severity CVE
  • Unprotected AJAX handler
  • Missing capability checks on AJAX handler
  • Use of dangerous function: unserialize
  • 3 Medium Severity CVEs
Vulnerabilities
4

Site Offline Or Coming Soon Or Maintenance Mode Security Vulnerabilities

CVEs by Year

  • 2020: 1 CVE
  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2025: 1 CVE · unpatched

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2025-48348 · medium · 4.3 · Missing Authorization

Site Offline <= 1.5.7 - Missing Authorization

Aug 21, 2025 · Unpatched

CVE-2023-49190 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Site Offline <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 29, 2023 · Patched in 1.5.7 (122d)

CVE-2022-1580 · medium · 5.3 · Improper Access Control

Site Offline <= 1.4.9 - Maintenance Mode Bypass

Aug 29, 2022 · Patched in 1.5.3 (512d)

CVE-2020-35773 · high · 8.2 · Cross-Site Request Forgery (CSRF)

Site Offline Or Coming Soon Or Maintenance Mode <= 1.4.2 - Cross-Site Request Forgery and Cross-Site Scripting

Dec 23, 2020 · Patched in 1.4.4 (1126d)

Code Analysis
Analyzed Mar 16, 2026

Site Offline Or Coming Soon Or Maintenance Mode Code Analysis

  • Dangerous Functions: 14
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 8 (136 escaped)
  • Nonce Checks: 12
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$sahu_so_contact = unserialize(get_option('sahu_so_contact'));` · backend\contact.php:3
  • unserialize · `$sahu_so_countdown = unserialize(get_option('sahu_so_countdown'));` · backend\countdown-setting.php:3
  • unserialize · `$sahu_so_dashboard = unserialize(get_option('sahu_so_dashboard'));` · backend\dashboard.php:3
  • unserialize · `$sahu_so_design = unserialize(get_option('sahu_so_design'));` · backend\design.php:3
  • unserialize · `$sahu_so_seo = unserialize(get_option('sahu_so_seo'));` · backend\seo.php:3
  • unserialize · `$sahu_so_social = unserialize(get_option('sahu_so_social'));` · backend\social.php:3
  • unserialize · `$sahu_so_dashboard = unserialize(get_option('sahu_so_dashboard'));` · output\index.php:5
  • unserialize · `$sahu_so_design = unserialize(get_option('sahu_so_design'));` · output\index.php:6
  • unserialize · `$sahu_so_social = unserialize(get_option('sahu_so_social'));` · output\index.php:7
  • unserialize · `$sahu_so_countdown = unserialize(get_option('sahu_so_countdown'));` · output\index.php:8
  • unserialize · `$sahu_so_seo = unserialize(get_option('sahu_so_seo'));` · output\index.php:9
  • unserialize · `$sahu_so_contact = unserialize(get_option('sahu_so_contact'));` · output\index.php:10
  • unserialize · `$sahu_so_dashboard = unserialize(get_option('sahu_so_dashboard'));` · site-offline.php:49
  • unserialize · `$sahu_so_dashboard = unserialize(get_option('sahu_so_dashboard'));` · site-offline.php:100

Output Escaping

94% escaped · 144 total outputs

Attack Surface
1 unprotected

Site Offline Or Coming Soon Or Maintenance Mode Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_sahu_siteoff_line_dismiss_review · functions\script.php:116

WordPress Hooks: 5

  • action · admin_notices · functions\script.php:34
  • action · plugins_loaded · site-offline.php:16
  • action · admin_menu · site-offline.php:28
  • action · template_redirect · site-offline.php:84
  • action · admin_bar_menu · site-offline.php:95

Maintenance & Trust

Site Offline Or Coming Soon Or Maintenance Mode Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Mar 20, 2024
PHP min version
Downloads: 891K

Community Trust

Rating: 96/100
Number of ratings: 398
Active installs: 30K

Developer Profile

Site Offline Or Coming Soon Or Maintenance Mode Developer Profile

chandrashekharsahu

1 plugin · 30K total installs

Trust score: 48
Avg Security Score: 56/100
Avg Patch Time: 587 days
Detection Fingerprints

How We Detect Site Offline Or Coming Soon Or Maintenance Mode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/site-offline/assets/css/bootstrap.css
  • /wp-content/plugins/site-offline/assets/css/font-awesome/css/font-awesome.min.css
  • /wp-content/plugins/site-offline/assets/css/rcsp_jquery-ui.css
  • /wp-content/plugins/site-offline/assets/css/backend.css
  • /wp-content/plugins/site-offline/assets/css/dialog/dialog.css
  • /wp-content/plugins/site-offline/assets/css/dialog/dialog-box-style.css
  • /wp-content/plugins/site-offline/assets/css/dialog/dialog-jamie.css
  • /wp-content/plugins/site-offline/assets/js/media-upload-script.js
  • +8 more

Script Paths

  • /wp-content/plugins/site-offline/assets/js/media-upload-script.js
  • /wp-content/plugins/site-offline/assets/js/jquery-ui-timepicker.js
  • /wp-content/plugins/site-offline/assets/js/my-color-picker-script.js
  • /wp-content/plugins/site-offline/assets/js/bootstrap.min.js
  • /wp-content/plugins/site-offline/assets/js/dialog/snap.svg-min.js
  • /wp-content/plugins/site-offline/assets/js/dialog/modernizr.custom.js
  • +2 more

HTML / DOM Fingerprints

CSS Classes

  • sahu_so_admin_bar_button_so
  • wpsm-siteoff-line-review-notice
  • wpsm-siteoff-line-dismiss-review-notice
  • wpsm-siteoff-line-review-out
  • wpsm-siteoff-line-dismiss-review-notice
  • wpsm-rate-later
  • wpsm-siteoff-line-dismiss-review-notice
  • wpsm-rated

Data Attributes

  • data-dialog-stack
  • data-dialog-content
  • data-dialog-title

JS Globals

  • SAHU_SO_PLUGIN_URL