diff --git a/date.txt b/date.txt index 7125d77c10..484ce9b3e4 100644 --- a/date.txt +++ b/date.txt @@ -1 +1 @@ -20241026 +20241027 diff --git a/poc.txt b/poc.txt index 8e88a185a7..37398b4b50 100644 --- a/poc.txt +++ b/poc.txt @@ -5689,6 +5689,7 @@ ./poc/auth/wordpress-weak-credentials.yaml ./poc/auth/wp-activate-register-redirect.yaml ./poc/auth/wp-awesome-login-bff57ffdf8ed44b0944be0d854802a8a.yaml +./poc/auth/wp-awesome-login.yaml ./poc/auth/wp-cookie-law-info-1482e7982321747b7cd5ff73a34a6241.yaml ./poc/auth/wp-cookie-law-info.yaml ./poc/auth/wp-cookie-user-info-d2666c85e1e86cfe042cf280f363f5ef.yaml @@ -33576,10 +33577,13 @@ ./poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml ./poc/cve/CVE-2024-10080.yaml ./poc/cve/CVE-2024-10091-47d98d91216f898ff00624ad6961c9a7.yaml +./poc/cve/CVE-2024-10091.yaml ./poc/cve/CVE-2024-10092-d032ec31ce8980271a8c19e352a437d5.yaml +./poc/cve/CVE-2024-10092.yaml ./poc/cve/CVE-2024-10112-b49134293bd607a2527227eff1da1897.yaml ./poc/cve/CVE-2024-10112.yaml ./poc/cve/CVE-2024-10117-0f80cc12896c22d305bb403aa391d732.yaml +./poc/cve/CVE-2024-10117.yaml ./poc/cve/CVE-2024-10148-66e8a68a811d5893a9baabebb92f1d1e.yaml ./poc/cve/CVE-2024-10148.yaml ./poc/cve/CVE-2024-10150-430c4ec0389798d1691a4f250437c712.yaml @@ -33600,6 +33604,7 @@ ./poc/cve/CVE-2024-10343-4b62a3038a6fc336914f3ddb9e620492.yaml ./poc/cve/CVE-2024-10343.yaml ./poc/cve/CVE-2024-10357-4f61676917f036bdaefc6591bc3b8254.yaml +./poc/cve/CVE-2024-10357.yaml ./poc/cve/CVE-2024-1037-b7f7f3d961a0c33ea429c4b0e05a6902.yaml ./poc/cve/CVE-2024-1037.yaml ./poc/cve/CVE-2024-10374-0f08cd74cdc8b699792d2afd2c3f92eb.yaml @@ -33607,6 +33612,7 @@ ./poc/cve/CVE-2024-1038-09acb945d02620d1c14081c7f022392a.yaml ./poc/cve/CVE-2024-1038.yaml ./poc/cve/CVE-2024-10402-d19daccb93672a4dbbaf6e7359c6a5a0.yaml +./poc/cve/CVE-2024-10402.yaml ./poc/cve/CVE-2024-1041-4d41bff9bd3d73f09dd9d25dcb4b1efa.yaml ./poc/cve/CVE-2024-1041.yaml ./poc/cve/CVE-2024-1042-ca45873031b9d1dfe7f3cbf642a8c725.yaml 
@@ -44271,6 +44277,7 @@ ./poc/cve/CVE-2024-8379-fe39d989e4d132f5087243fbc500f6e9.yaml ./poc/cve/CVE-2024-8379.yaml ./poc/cve/CVE-2024-8392-db179437e5435523a5ac158b341c5f4a.yaml +./poc/cve/CVE-2024-8392.yaml ./poc/cve/CVE-2024-8397-f8ed9bac7a5f8d7b68439c90f9db0afe.yaml ./poc/cve/CVE-2024-8397.yaml ./poc/cve/CVE-2024-8398-a53f57792e12705bd0beeb0752bb48c8.yaml @@ -44549,6 +44556,7 @@ ./poc/cve/CVE-2024-8861-7f19d6c6df275a879611d8e4c8bdab3a.yaml ./poc/cve/CVE-2024-8861.yaml ./poc/cve/CVE-2024-8870-3f393859fb4dbe11c34bee4e987a2a84.yaml +./poc/cve/CVE-2024-8870.yaml ./poc/cve/CVE-2024-8872-af9dba20c77deb90e6dc21e6e1a04408.yaml ./poc/cve/CVE-2024-8872.yaml ./poc/cve/CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd.yaml @@ -44665,6 +44673,7 @@ ./poc/cve/CVE-2024-9115-07ac47d03400519778a0be24bcd69ac7.yaml ./poc/cve/CVE-2024-9115.yaml ./poc/cve/CVE-2024-9116-88d043fe717b048d3fe8e54bed9128fe.yaml +./poc/cve/CVE-2024-9116.yaml ./poc/cve/CVE-2024-9117-acfad5d521304a0a4745f09b7afbdfed.yaml ./poc/cve/CVE-2024-9117.yaml ./poc/cve/CVE-2024-9118-4d37054e1e6278b61b3d2964154e5d77.yaml 
@@ -44853,17 +44862,22 @@ ./poc/cve/CVE-2024-9452-31c0646fe6fd4340189c7a11a4726afa.yaml ./poc/cve/CVE-2024-9452.yaml ./poc/cve/CVE-2024-9454-980cdf931a417d706bab314e69bd623f.yaml +./poc/cve/CVE-2024-9454.yaml ./poc/cve/CVE-2024-9455-a14edcb4af91ec88c5513b8bfa9f2d1c.yaml ./poc/cve/CVE-2024-9455.yaml ./poc/cve/CVE-2024-9456-b83c2c7ffe0e43b2ca905c6b5975fe4e.yaml +./poc/cve/CVE-2024-9456.yaml ./poc/cve/CVE-2024-9457-72dd9bc9875b76de9e691aa9064bfa77.yaml ./poc/cve/CVE-2024-9457.yaml ./poc/cve/CVE-2024-9462-997ea01500055b7e00f4aeed22a63b86.yaml +./poc/cve/CVE-2024-9462.yaml ./poc/cve/CVE-2024-9465.yaml ./poc/cve/CVE-2024-9475-d454aa0f8e831ad96768c0f42bd26d3a.yaml +./poc/cve/CVE-2024-9475.yaml ./poc/cve/CVE-2024-9488-71bbc14254aeeb3532913cac8f75c128.yaml ./poc/cve/CVE-2024-9488.yaml ./poc/cve/CVE-2024-9501-75b9d56a40fe1396bb3b9ef1c7d11ff3.yaml +./poc/cve/CVE-2024-9501.yaml ./poc/cve/CVE-2024-9507-698602582a898ef6e8ecf4cbadd940fc.yaml ./poc/cve/CVE-2024-9507.yaml ./poc/cve/CVE-2024-9518-feda24c489ca1e9c4a2da83d340cc3c2.yaml @@ -44909,7 +44923,9 @@ ./poc/cve/CVE-2024-9583-f06bea33a635ec4ee89945c82b347411.yaml ./poc/cve/CVE-2024-9583.yaml ./poc/cve/CVE-2024-9584-7d2cb9fd0ff4fce24c145e8b28898747.yaml +./poc/cve/CVE-2024-9584.yaml ./poc/cve/CVE-2024-9585-e0563c3b6c2fb019adad95332763e2a3.yaml +./poc/cve/CVE-2024-9585.yaml ./poc/cve/CVE-2024-9586-404a2b9f88295f375d192c2e8553e42b.yaml ./poc/cve/CVE-2024-9586-f509e3aaffd9c01e8512cf309a44c111.yaml ./poc/cve/CVE-2024-9586.yaml 
@@ -44940,10 +44956,12 @@ ./poc/cve/CVE-2024-9611-e3d072056298fd4e81d4dfecee6ae07e.yaml ./poc/cve/CVE-2024-9611.yaml ./poc/cve/CVE-2024-9613-749d376baf8bd777cc22e9c75fddf8e1.yaml +./poc/cve/CVE-2024-9613.yaml ./poc/cve/CVE-2024-9616-74cbb74314a998222d17f0108bdd1b47.yaml ./poc/cve/CVE-2024-9616.yaml ./poc/cve/CVE-2024-9617.yaml ./poc/cve/CVE-2024-9626-af1c539630d4722fdfbc41cbfd653dc2.yaml +./poc/cve/CVE-2024-9626.yaml ./poc/cve/CVE-2024-9627-609d2082cbf88b0e9c345dfb753e9c47.yaml ./poc/cve/CVE-2024-9627.yaml ./poc/cve/CVE-2024-9628-3d855d9a00666119c6c4dc4121ccafb1.yaml @@ -44953,7 +44971,9 @@ ./poc/cve/CVE-2024-9634-d865b6fc0ac9d8d7dca8d3f6df89b5a1.yaml ./poc/cve/CVE-2024-9634.yaml ./poc/cve/CVE-2024-9637-ed8f677ba17c0237622212bbd0010ac9.yaml +./poc/cve/CVE-2024-9637.yaml ./poc/cve/CVE-2024-9642-1ae87b0821db46b44dcefe11197d31b9.yaml +./poc/cve/CVE-2024-9642.yaml ./poc/cve/CVE-2024-9647-7e123a97b0971ee91cbec517bbcda15d.yaml ./poc/cve/CVE-2024-9647.yaml ./poc/cve/CVE-2024-9649-29e8bedb3d9bfa693dc072c3086eb367.yaml @@ -44987,6 +45007,7 @@ ./poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml ./poc/cve/CVE-2024-9756.yaml ./poc/cve/CVE-2024-9772-5094698925e989ea36420156bd740e26.yaml +./poc/cve/CVE-2024-9772.yaml ./poc/cve/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml ./poc/cve/CVE-2024-9776.yaml ./poc/cve/CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml @@ -45008,6 +45029,7 @@ ./poc/cve/CVE-2024-9848-ac1bebcc37e467cdd99a1009c53e8491.yaml ./poc/cve/CVE-2024-9848.yaml ./poc/cve/CVE-2024-9853-27aa4fef5686ec88f8690928d6ccf437.yaml +./poc/cve/CVE-2024-9853.yaml ./poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml ./poc/cve/CVE-2024-9860.yaml ./poc/cve/CVE-2024-9861-cfe0d10a7099e61a765c45a5117c1825.yaml 
@@ -45027,6 +45049,7 @@ ./poc/cve/CVE-2024-9889-f1c27f9a559d74f1dde6c33ab83ad87d.yaml ./poc/cve/CVE-2024-9889.yaml ./poc/cve/CVE-2024-9890-f52fa2cdcccb4a891e802de699a879b0.yaml +./poc/cve/CVE-2024-9890.yaml ./poc/cve/CVE-2024-9891-2ab1858bc0a4346f292143b3e3d4717f.yaml ./poc/cve/CVE-2024-9891.yaml ./poc/cve/CVE-2024-9892-b0879d1e1000451889fc889db7f6e49b.yaml @@ -45043,9 +45066,13 @@ ./poc/cve/CVE-2024-9927-4042f4103ac06d0689368d6a3984a106.yaml ./poc/cve/CVE-2024-9927.yaml ./poc/cve/CVE-2024-9930-807d4f623d84b600ff1b114d224d59bc.yaml +./poc/cve/CVE-2024-9930.yaml ./poc/cve/CVE-2024-9931-8ce28bba21197933e0ab450a2480bf89.yaml +./poc/cve/CVE-2024-9931.yaml ./poc/cve/CVE-2024-9932-7558b83919bdb2cc193ccec87ae1cb78.yaml +./poc/cve/CVE-2024-9932.yaml ./poc/cve/CVE-2024-9933-e1ec60c544c2e28af5a94072e33b5a84.yaml +./poc/cve/CVE-2024-9933.yaml ./poc/cve/CVE-2024-9937-9915217ba7d6f29cd232016898fb9998.yaml ./poc/cve/CVE-2024-9937.yaml ./poc/cve/CVE-2024-9940-7282ba1c7231feca51bd0ab70c139261.yaml @@ -45059,6 +45086,7 @@ ./poc/cve/CVE-2024-9951-be046d8362f1832edd91856d0526cdb7.yaml ./poc/cve/CVE-2024-9951.yaml ./poc/cve/CVE-2024-9967-588327a449d255859025a57006363402.yaml +./poc/cve/CVE-2024-9967.yaml ./poc/cve/CVE202127562-220331-222408.yaml ./poc/cve/CVE_2023_49442.yaml ./poc/cve/CVE_2023_51467.yaml @@ -86421,6 +86449,7 @@ ./poc/other/editable-table-3567eaf7c77e82215d146cc8a3d945cc.yaml ./poc/other/editable-table.yaml ./poc/other/editor-custom-color-palette-af7d5a272df8fc33ce4739259a4dfac7.yaml +./poc/other/editor-custom-color-palette.yaml ./poc/other/editorial-calendar-6590a2c32c8097bb35048af41a913c40.yaml ./poc/other/editorial-calendar-ba32b1a3f3cbfbb6dc697395c0e610b4.yaml ./poc/other/editorial-calendar.yaml 
@@ -91328,6 +91357,7 @@ ./poc/other/idpay-contact-form-7-e3b0819e93c2e92645175f698a388c69.yaml ./poc/other/idpay-contact-form-7.yaml ./poc/other/ids-skills-installer.yaml +./poc/other/idsk-toolkit.yaml ./poc/other/idx-broker-platinum-2e1c5afdc34843f1ec1c79c758c88037.yaml ./poc/other/idx-broker-platinum-50e65a3f99c52bbfe6b12b49e219925c.yaml ./poc/other/idx-broker-platinum-68ca13759a1c8be412922f1ad880366b.yaml @@ -99376,6 +99406,7 @@ ./poc/other/printfriendly.yaml ./poc/other/printmonitor.yaml ./poc/other/pripre-de1173e8e2676ffb603d3398584dc401.yaml +./poc/other/pripre.yaml ./poc/other/prismatic-1401893d8af5a9859c30c849b9b087ae.yaml ./poc/other/prismatic-578b6dd52597b66b80dd55b835f4359c.yaml ./poc/other/prismatic.yaml @@ -101645,6 +101676,7 @@ ./poc/other/sb-child-list-0b2143dfb86dd824a1b7aed5ba06f945.yaml ./poc/other/sb-child-list.yaml ./poc/other/sb-core-944486dd668c02219630fc7d4d551137.yaml +./poc/other/sb-core.yaml ./poc/other/sb-random-posts-widget-f10e2da5d4a8325de799114542f5e5f6.yaml ./poc/other/sb-random-posts-widget.yaml ./poc/other/scalable-vector-graphics-svg-7ebcc23c4b2581aa9b5947fe9c79480d.yaml @@ -103631,6 +103663,7 @@ ./poc/other/sofurry.yaml ./poc/other/sogo-version.yaml ./poc/other/sogrid-0b049dac8f0c9e9b3cd81bb2929809ec.yaml +./poc/other/sogrid.yaml ./poc/other/soisy-pagamento-rateale-c5d4d639573497519eabfcc5f40c1297.yaml ./poc/other/soisy-pagamento-rateale.yaml ./poc/other/sola-newsletters.yaml @@ -106401,6 +106434,7 @@ ./poc/other/uipress-lite-e0e0443bec6c88230f3c6ee8ebdaf776.yaml ./poc/other/uipress-lite.yaml ./poc/other/uix-shortcodes-65bdf7e6505fe2c12ab9379bb04386eb.yaml +./poc/other/uix-shortcodes.yaml ./poc/other/uji-countdown-8094a6f63777b04f50660b48e680df7e.yaml ./poc/other/uji-countdown-b7a28bd9935470a097a7e4bc0ef269bc.yaml ./poc/other/uji-countdown.yaml 
@@ -107314,6 +107348,7 @@ ./poc/other/user-submitted-posts-e02d5bdc2e68f48af958dac86b69126a.yaml ./poc/other/user-submitted-posts.yaml ./poc/other/user-toolkit-4e7e7d46054984e8623f88f5adcf1021.yaml +./poc/other/user-toolkit.yaml ./poc/other/user-verification-c06b6d972d8765c6d992ac0f07d4113e.yaml ./poc/other/user-verification.yaml ./poc/other/useragent-spy-6e06788734ccaf9ae4a7ff5001884f5b.yaml @@ -109589,6 +109624,7 @@ ./poc/other/wupo-group-attributes.yaml ./poc/other/wux-blog-editor-6074a4d7ccaf34f601cee0145c1e4e2d.yaml ./poc/other/wux-blog-editor-87c202cd8ff3d08c0af831dac6c1d0dd.yaml +./poc/other/wux-blog-editor.yaml ./poc/other/wwc-amz-aff-2a64bd473f3bd2ef97a83b82c11806b0.yaml ./poc/other/wwc-amz-aff-9f4e0bf30f472f45589133e5fa544116.yaml ./poc/other/wwc-amz-aff-d41d8cd98f00b204e9800998ecf8427e.yaml @@ -110124,6 +110160,7 @@ ./poc/other/zelist-directory-plugin.yaml ./poc/other/zelist-directory.yaml ./poc/other/zemanta-d186fbe6649a61d813626a610478c788.yaml +./poc/other/zemanta.yaml ./poc/other/zen-mobile-app-native-3dc86c7ba63a760d3be76da4bba9af01.yaml ./poc/other/zen-mobile-app-native.yaml ./poc/other/zen_cart-shopping.yaml @@ -129339,6 +129376,7 @@ ./poc/wordpress/miniorange-wp-as-saml-idp-a5372fd416884c51d3c321547a9d9d91.yaml ./poc/wordpress/miniorange-wp-as-saml-idp.yaml ./poc/wordpress/monkee-boy-wp-essentials-a4f637c48f8a66fc48a486d6a7ee8698.yaml +./poc/wordpress/monkee-boy-wp-essentials.yaml ./poc/wordpress/monsters-editor-10-for-wp-super-edit-39fdcfda5eb1be9c6763a06c61167b24.yaml ./poc/wordpress/monsters-editor-10-for-wp-super-edit-973edbc42b401e04f2817347dbb88982.yaml ./poc/wordpress/monsters-editor-10-for-wp-super-edit-d41d8cd98f00b204e9800998ecf8427e.yaml 
@@ -131078,6 +131116,7 @@ ./poc/wordpress/wp-awesome-faq-plugin.yaml ./poc/wordpress/wp-awesome-faq.yaml ./poc/wordpress/wp-awesome-login-bff57ffdf8ed44b0944be0d854802a8a.yaml +./poc/wordpress/wp-awesome-login.yaml ./poc/wordpress/wp-back-button-288fc732de1cf63fb58e554a04b1bb48.yaml ./poc/wordpress/wp-back-button.yaml ./poc/wordpress/wp-backgrounds-lite-2cfe38875f8efd3658b5f1a40330fb6c.yaml @@ -134179,6 +134218,7 @@ ./poc/wordpress/wp-shoutbox-live-chat-726b81e1c4853df361109117c705944a.yaml ./poc/wordpress/wp-shoutbox-live-chat.yaml ./poc/wordpress/wp-show-more-9d16a961e2a83091c699d93ef2a296d0.yaml +./poc/wordpress/wp-show-more.yaml ./poc/wordpress/wp-show-posts-5ec43a10a5f6211935644f8e4e7b0015.yaml ./poc/wordpress/wp-show-posts-bb35c711645681b86e7a8ed2c6d61401.yaml ./poc/wordpress/wp-show-posts-f4b4711a5e8af1a1c5b11fad4caf6494.yaml diff --git a/poc/auth/wp-awesome-login.yaml b/poc/auth/wp-awesome-login.yaml new file mode 100644 index 0000000000..1e53cec140 --- /dev/null +++ b/poc/auth/wp-awesome-login.yaml 
@@ -0,0 +1,59 @@
+id: wp-awesome-login
+
+info:
+ name: >
+ WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0841127c-fe81-47b1-964f-15e006f618af?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-awesome-login/"
+ google-query: inurl:"/wp-content/plugins/wp-awesome-login/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-awesome-login,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-awesome-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-awesome-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.4.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10091.yaml b/poc/cve/CVE-2024-10091.yaml
new file mode 100644
index 0000000000..9940d18fd7
--- /dev/null
+++ b/poc/cve/CVE-2024-10091.yaml
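Review bot: poc/auth/wp-awesome-login.yaml ships with an empty `description`, empty `cvss-metrics`, `cvss-score` and `cve-id`, and a `shodan-query: 'vuln:'` with nothing after the colon, while `tags` still carries `cve`. It requests the same readme.txt, applies the same `<= 0.4.0` bound and cites the same Wordfence id (0841127c-fe81-47b1-964f-15e006f618af) as poc/cve/CVE-2024-9456.yaml added in this commit, so one installation would be reported twice, once without CVE attribution. I would drop this slug-named copy, or at least fill in `cve-id: CVE-2024-9456` and `shodan-query: 'vuln:CVE-2024-9456'` so the two findings can be de-duplicated.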
@@ -0,0 +1,59 @@
+id: CVE-2024-10091
+
+info:
+ name: >
+ ElementsKit Elementor addons <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget
+ author: topscoder
+ severity: low
+ description: >
+ The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Comparison Widget in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/00b278af-6ce6-4e70-a83a-a1b035542cd4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10091
+ metadata:
+ fofa-query: "wp-content/plugins/elementskit-lite/"
+ google-query: inurl:"/wp-content/plugins/elementskit-lite/"
+ shodan-query: 'vuln:CVE-2024-10091'
+ tags: cve,wordpress,wp-plugin,elementskit-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "elementskit-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10092.yaml b/poc/cve/CVE-2024-10092.yaml
new file mode 100644
index 0000000000..8e0cfe8cea
--- /dev/null
+++ b/poc/cve/CVE-2024-10092.yaml
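Review bot: In CVE-2024-10091.yaml `severity: low` and the `low` tag contradict `cvss-score: 6.4` in the same `info` block, which is Medium on the CVSS v3.1 scale. The same mismatch appears in the other templates marked `low` in this commit, most seriously CVE-2024-10402.yaml (7.5) and CVE-2024-8392.yaml (7.2), both in the High range. Anyone filtering scan results by severity would drop these findings. Unless the downgrade for authenticated issues is deliberate, I would align the field with the score, here `severity: medium` and `tags: cve,wordpress,wp-plugin,elementskit-lite,medium`; if it is deliberate, a one-line comment saying so would help.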
@@ -0,0 +1,59 @@
+id: CVE-2024-10092
+
+info:
+ name: >
+ Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation
+ author: topscoder
+ severity: low
+ description: >
+ The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to revoke existing API keys and generate new ones.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e50d8c-e61c-4e94-b5e8-b24832dc24b6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-10092
+ metadata:
+ fofa-query: "wp-content/plugins/download-monitor/"
+ google-query: inurl:"/wp-content/plugins/download-monitor/"
+ shodan-query: 'vuln:CVE-2024-10092'
+ tags: cve,wordpress,wp-plugin,download-monitor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "download-monitor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.12')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10117.yaml b/poc/cve/CVE-2024-10117.yaml
new file mode 100644
index 0000000000..18e92a8081
--- /dev/null
+++ b/poc/cve/CVE-2024-10117.yaml
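Review bot: The only evidence CVE-2024-10092.yaml collects is the `Stable tag` line of readme.txt, so a hit means a version at or below 5.0.12 was advertised, not that the missing capability check on `ajax_handle_api_key_actions` was observed. A readme whose tag is not numeric (for example `trunk`) will not match `([0-9.]+)`, and that install would go unreported; this is inferred from the regex, not tested. Every template added by this commit uses the same pattern. I would state the limit next to the matcher, e.g. `# version inferred from readme.txt "Stable tag"; the vulnerable handler is not exercised`, so triage treats results as candidates to verify against the installed plugin version.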
@@ -0,0 +1,59 @@
+id: CVE-2024-10117
+
+info:
+ name: >
+ WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7813dfdc-06e0-4fa9-aabe-b5b9772368c2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10117
+ metadata:
+ fofa-query: "wp-content/plugins/wp-crowdfunding/"
+ google-query: inurl:"/wp-content/plugins/wp-crowdfunding/"
+ shodan-query: 'vuln:CVE-2024-10117'
+ tags: cve,wordpress,wp-plugin,wp-crowdfunding,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-crowdfunding"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10357.yaml b/poc/cve/CVE-2024-10357.yaml
new file mode 100644
index 0000000000..9e815a1c0e
--- /dev/null
+++ b/poc/cve/CVE-2024-10357.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10357
+
+info:
+ name: >
+ Clever Addons for Elementor <= 2.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
+ author: topscoder
+ severity: low
+ description: >
+ The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1fa3569-9a9a-4aa6-9057-c87601fadb9f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-10357
+ metadata:
+ fofa-query: "wp-content/plugins/cafe-lite/"
+ google-query: inurl:"/wp-content/plugins/cafe-lite/"
+ shodan-query: 'vuln:CVE-2024-10357'
+ tags: cve,wordpress,wp-plugin,cafe-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cafe-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cafe-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10402.yaml b/poc/cve/CVE-2024-10402.yaml
new file mode 100644
index 0000000000..0e39ec4179
--- /dev/null
+++ b/poc/cve/CVE-2024-10402.yaml
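Review bot: The word matcher in CVE-2024-10357.yaml looks for the directory slug `cafe-lite` in the readme body, while the template itself names the plugin "Clever Addons for Elementor". If the readme text never mentions the slug, `matchers-condition: and` keeps the template silent on affected sites; the readme is not on this page, so this is a risk to check rather than a confirmed miss. The same applies to `mailchimp-wp` in CVE-2024-8870.yaml and `elementskit-lite` in CVE-2024-10091.yaml. Since the request path already pins the plugin directory, I would add the display name as a second entry under `words`, `- "Clever Addons for Elementor"`, with `condition: or` on that matcher.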
@@ -0,0 +1,59 @@
+id: CVE-2024-10402
+
+info:
+ name: >
+ Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.35.1 - Missing Authorization to Authenticated (Contributor+) Form Update and Creation
+ author: topscoder
+ severity: low
+ description: >
+ The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.35.1. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to create new or edit existing forms, including updating the default registration role to Administrator on User Registration forms.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/be1d9d2b-cbdf-4d62-85fe-2616eaf02848?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.5
+ cve-id: CVE-2024-10402
+ metadata:
+ fofa-query: "wp-content/plugins/forminator/"
+ google-query: inurl:"/wp-content/plugins/forminator/"
+ shodan-query: 'vuln:CVE-2024-10402'
+ tags: cve,wordpress,wp-plugin,forminator,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forminator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.35.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8392.yaml b/poc/cve/CVE-2024-8392.yaml
new file mode 100644
index 0000000000..da285cadd9
--- /dev/null
+++ b/poc/cve/CVE-2024-8392.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8392
+
+info:
+ name: >
+ WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.2 - Authenticated (Admin+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This can also be exploited via CSRF techniques.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/62d81e01-9b6e-48e9-b9da-85444a3694e7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2024-8392
+ metadata:
+ fofa-query: "wp-content/plugins/sogrid/"
+ google-query: inurl:"/wp-content/plugins/sogrid/"
+ shodan-query: 'vuln:CVE-2024-8392'
+ tags: cve,wordpress,wp-plugin,sogrid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sogrid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sogrid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8870.yaml b/poc/cve/CVE-2024-8870.yaml
new file mode 100644
index 0000000000..2abd5d4a77
--- /dev/null
+++ b/poc/cve/CVE-2024-8870.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8870
+
+info:
+ name: >
+ Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/86389489-9f9d-479b-b351-19f25166fc91?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-8870
+ metadata:
+ fofa-query: "wp-content/plugins/mailchimp-wp/"
+ google-query: inurl:"/wp-content/plugins/mailchimp-wp/"
+ shodan-query: 'vuln:CVE-2024-8870'
+ tags: cve,wordpress,wp-plugin,mailchimp-wp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mailchimp-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mailchimp-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9116.yaml b/poc/cve/CVE-2024-9116.yaml
new file mode 100644
index 0000000000..69db0fdcee
--- /dev/null
+++ b/poc/cve/CVE-2024-9116.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9116
+
+info:
+ name: >
+ Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Monkee-Boy Essentials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c44c1a50-e282-4a5b-8b7f-1021c9d6f58e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9116
+ metadata:
+ fofa-query: "wp-content/plugins/monkee-boy-wp-essentials/"
+ google-query: inurl:"/wp-content/plugins/monkee-boy-wp-essentials/"
+ shodan-query: 'vuln:CVE-2024-9116'
+ tags: cve,wordpress,wp-plugin,monkee-boy-wp-essentials,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/monkee-boy-wp-essentials/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "monkee-boy-wp-essentials"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9454.yaml b/poc/cve/CVE-2024-9454.yaml
new file mode 100644
index 0000000000..e1f028f01f
--- /dev/null
+++ b/poc/cve/CVE-2024-9454.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9454
+
+info:
+ name: >
+ PriPre <= 0.4.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The PriPre plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6662fee4-7e04-492f-bf79-2c915da92c92?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9454
+ metadata:
+ fofa-query: "wp-content/plugins/pripre/"
+ google-query: inurl:"/wp-content/plugins/pripre/"
+ shodan-query: 'vuln:CVE-2024-9454'
+ tags: cve,wordpress,wp-plugin,pripre,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pripre/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pripre"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.4.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9456.yaml b/poc/cve/CVE-2024-9456.yaml
new file mode 100644
index 0000000000..25de825825
--- /dev/null
+++ b/poc/cve/CVE-2024-9456.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9456
+
+info:
+ name: >
+ WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The WP Awesome Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0841127c-fe81-47b1-964f-15e006f618af?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9456
+ metadata:
+ fofa-query: "wp-content/plugins/wp-awesome-login/"
+ google-query: inurl:"/wp-content/plugins/wp-awesome-login/"
+ shodan-query: 'vuln:CVE-2024-9456'
+ tags: cve,wordpress,wp-plugin,wp-awesome-login,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-awesome-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-awesome-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.4.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9462.yaml b/poc/cve/CVE-2024-9462.yaml
new file mode 100644
index 0000000000..134c83eb34
--- /dev/null
+++ b/poc/cve/CVE-2024-9462.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9462 + +info: + name: > + Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Poll Settings + author: topscoder + severity: low + description: > + The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6434fb-390d-439d-bf3e-9afe8644fd58?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 5.5 + cve-id: CVE-2024-9462 + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:CVE-2024-9462' + tags: cve,wordpress,wp-plugin,poll-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.6') \ No newline at end of file 
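Review bot: The description in poc/cve/CVE-2024-9462.yaml says the issue only affects multi-site installations and installations where unfiltered_html has been disabled, but the matchers test nothing beyond a 200 response, the slug in the body and `compare_versions(version, '<= 5.4.6')`. A match therefore means that the readme advertises an affected version, not that the site is exposed, and the readme's Stable tag can differ from the code actually installed. I would state this in the template, for example with a comment above `matchers:` such as `# version check only: confirm installed version and multisite/unfiltered_html state before triage`. The same limitation holds for every template in this commit, since they all share this request and matcher set.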
diff --git a/poc/cve/CVE-2024-9475.yaml b/poc/cve/CVE-2024-9475.yaml new file mode 100644 index 0000000000..cd87fc7c36 --- /dev/null +++ b/poc/cve/CVE-2024-9475.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9475 + +info: + name: > + Poll Maker – Versus Polls, Anonymous Polls, Image Polls <= 5.4.6 - Authenticated (Administrator+) SQL Injection via Order_by Parameter + author: topscoder + severity: low + description: > + The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8798e16d-84dd-40bb-b4ff-db800e850b0e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.9 + cve-id: CVE-2024-9475 + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:CVE-2024-9475' + tags: cve,wordpress,wp-plugin,poll-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.6') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9501.yaml b/poc/cve/CVE-2024-9501.yaml new file mode 100644 index 0000000000..9e0abf35dc 
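Review bot: `redirects: true` with `max-redirects: 3` in poc/cve/CVE-2024-9475.yaml lets the readme request follow redirects to any host, so the body that gets matched may not come from the target being reported. For a version fingerprint, this can attribute another site's plugin version to the scanned host, for instance when the target redirects everything to a parent domain. Using `host-redirects: true` in place of `redirects: true` restricts the request to same-host redirects and keeps the result tied to the target. All templates added here use the same request block.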
--- /dev/null +++ b/poc/cve/CVE-2024-9501.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9501 + +info: + name: > + Wp Social Login and Register Social Counter <= 3.0.7 - Authentication Bypass + author: topscoder + severity: critical + description: > + The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.0.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4294f5f-d989-4b97-88ee-4e94f4f7845a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9501 + metadata: + fofa-query: "wp-content/plugins/wp-social/" + google-query: inurl:"/wp-content/plugins/wp-social/" + shodan-query: 'vuln:CVE-2024-9501' + tags: cve,wordpress,wp-plugin,wp-social,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9584.yaml b/poc/cve/CVE-2024-9584.yaml new file mode 100644 index 0000000000..a81d2d9c59 --- /dev/null +++ b/poc/cve/CVE-2024-9584.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9584 + +info: + name: > + Image Map Pro <= 6.0.20 - Missing Authorization to Authenticated (Contributor+) Map Project Add/Update/Delete + author: topscoder + severity: low + description: > + The Image Map Pro plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the AJAX functions in versions up to, and including, 6.0.20. This makes it possible for authenticated attackers with contributor-level privileges or above, to add, update or delete map projects. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c632452-8b13-4f78-aa8a-3c92bef5907f?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L + cvss-score: 5.4 + cve-id: CVE-2024-9584 + metadata: + fofa-query: "wp-content/plugins/image-map-pro/" + google-query: inurl:"/wp-content/plugins/image-map-pro/" + shodan-query: 'vuln:CVE-2024-9584' + tags: cve,wordpress,wp-plugin,image-map-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-map-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-map-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.20') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9585.yaml b/poc/cve/CVE-2024-9585.yaml new file mode 100644 index 0000000000..3a1f4408aa --- /dev/null +++ b/poc/cve/CVE-2024-9585.yaml 
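Review bot: The extractor regex `(?mi)Stable tag: ([0-9.]+)` in poc/cve/CVE-2024-9584.yaml requires exactly one space after the colon, so a readme with a tab or two spaces there yields no `version` and the DSL matcher cannot fire, which is a missed detection rather than a false alarm. A readme whose tag is `trunk` is skipped the same way, which may be intended but is not stated anywhere. I would write the pattern as `- '(?mi)Stable tag:\s*([0-9][0-9.]*)'`, single-quoted so the backslash survives YAML, in both extractors. The pattern is repeated unchanged in the other templates of this commit.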
@@ -0,0 +1,59 @@ +id: CVE-2024-9585 + +info: + name: > + Image Map Pro <= 6.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'save_project' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22245bb5-a310-4cd2-98e3-6611e71ff7fa?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9585 + metadata: + fofa-query: "wp-content/plugins/image-map-pro/" + google-query: inurl:"/wp-content/plugins/image-map-pro/" + shodan-query: 'vuln:CVE-2024-9585' + tags: cve,wordpress,wp-plugin,image-map-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-map-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-map-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.20') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9613.yaml b/poc/cve/CVE-2024-9613.yaml new file mode 100644 index 0000000000..8abaed011d --- /dev/null +++ b/poc/cve/CVE-2024-9613.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9613 + +info: + name: > + FormFacade – WordPress plugin for Google Forms <= 1.3.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The FormFacade – WordPress plugin for Google Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'userId' and 'publishId' parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a00ad0-5761-4fb7-a4e6-cb213cf32cb2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-9613 + metadata: + fofa-query: "wp-content/plugins/formfacade/" + google-query: inurl:"/wp-content/plugins/formfacade/" + shodan-query: 'vuln:CVE-2024-9613' + tags: cve,wordpress,wp-plugin,formfacade,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formfacade/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formfacade" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9626.yaml b/poc/cve/CVE-2024-9626.yaml new file mode 100644 index 0000000000..8d89737b41 --- /dev/null +++ b/poc/cve/CVE-2024-9626.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9626 + +info: + name: > + Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image + author: topscoder + severity: low + description: > + The Editorial Assistant by Sovrn plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_zemanta_set_featured_image' function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload attachment files (such as jpg, png, txt, zip), and set the post featured image. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8775662f-d007-4edf-826e-f755d7b11c25?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-9626 + metadata: + fofa-query: "wp-content/plugins/zemanta/" + google-query: inurl:"/wp-content/plugins/zemanta/" + shodan-query: 'vuln:CVE-2024-9626' + tags: cve,wordpress,wp-plugin,zemanta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zemanta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zemanta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9637.yaml b/poc/cve/CVE-2024-9637.yaml new file mode 100644 index 0000000000..6f44d2971e --- /dev/null +++ b/poc/cve/CVE-2024-9637.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9637 + +info: + name: > + School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation + author: topscoder + severity: low + description: > + The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/411693fc-9df3-44b1-9a6f-58a6e8ef23b8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-9637 + metadata: + fofa-query: "wp-content/plugins/wpschoolpress/" + google-query: inurl:"/wp-content/plugins/wpschoolpress/" + shodan-query: 'vuln:CVE-2024-9637' + tags: cve,wordpress,wp-plugin,wpschoolpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpschoolpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpschoolpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.10') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9642.yaml b/poc/cve/CVE-2024-9642.yaml new file mode 100644 index 0000000000..891abbb2e5 --- /dev/null +++ b/poc/cve/CVE-2024-9642.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9642 + +info: + name: > + Editor Custom Color Palette <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + The Editor Custom Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e7f858c-945c-4d12-a2a6-113449ad890a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9642 + metadata: + fofa-query: "wp-content/plugins/editor-custom-color-palette/" + google-query: inurl:"/wp-content/plugins/editor-custom-color-palette/" + shodan-query: 'vuln:CVE-2024-9642' + tags: cve,wordpress,wp-plugin,editor-custom-color-palette,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/editor-custom-color-palette/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editor-custom-color-palette" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.7') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9772.yaml b/poc/cve/CVE-2024-9772.yaml new file mode 100644 index 0000000000..aeadf4b9fe --- /dev/null +++ b/poc/cve/CVE-2024-9772.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9772 + +info: + name: > + Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: high + description: > + The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3000758d-68e0-46a6-aef0-e2407a828168?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + cvss-score: 7.3 + cve-id: CVE-2024-9772 + metadata: + fofa-query: "wp-content/plugins/uix-shortcodes/" + google-query: inurl:"/wp-content/plugins/uix-shortcodes/" + shodan-query: 'vuln:CVE-2024-9772' + tags: cve,wordpress,wp-plugin,uix-shortcodes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uix-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uix-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9853.yaml b/poc/cve/CVE-2024-9853.yaml new file mode 100644 index 0000000000..5c01abafbd 
--- /dev/null +++ b/poc/cve/CVE-2024-9853.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9853 + +info: + name: > + ID-SK Toolkit <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + The ID-SK Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/001b452e-3f8a-4605-b77a-ba8fbd0d79d7?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9853 + metadata: + fofa-query: "wp-content/plugins/idsk-toolkit/" + google-query: inurl:"/wp-content/plugins/idsk-toolkit/" + shodan-query: 'vuln:CVE-2024-9853' + tags: cve,wordpress,wp-plugin,idsk-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/idsk-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "idsk-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9890.yaml b/poc/cve/CVE-2024-9890.yaml new file mode 100644 index 0000000000..5a81b70176 --- /dev/null +++ b/poc/cve/CVE-2024-9890.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9890 + +info: + name: > + User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass + author: topscoder + severity: low + description: > + The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-9890 + metadata: + fofa-query: "wp-content/plugins/user-toolkit/" + google-query: inurl:"/wp-content/plugins/user-toolkit/" + shodan-query: 'vuln:CVE-2024-9890' + tags: cve,wordpress,wp-plugin,user-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9930.yaml b/poc/cve/CVE-2024-9930.yaml new file mode 100644 index 0000000000..91269bcd8e --- /dev/null +++ b/poc/cve/CVE-2024-9930.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9930 + +info: + name: > + Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2.3.2. This is due to missing validation on the user being supplied in the 'verify_email' action. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator. The vulnerability is in the Account extension. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca3775db-0722-4090-924e-81e38d5dce97?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9930 + metadata: + fofa-query: "wp-content/plugins/sb-core/" + google-query: inurl:"/wp-content/plugins/sb-core/" + shodan-query: 'vuln:CVE-2024-9930' + tags: cve,wordpress,wp-plugin,sb-core,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sb-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sb-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.3.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9931.yaml b/poc/cve/CVE-2024-9931.yaml new file mode 100644 index 0000000000..73448d66ef --- /dev/null +++ b/poc/cve/CVE-2024-9931.yaml 
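Review bot: The word matcher in poc/cve/CVE-2024-9930.yaml requires the literal slug `sb-core` in the readme body, yet the plugin is named "Extensions by HocWP Team" and a readme is not obliged to contain its own directory name. If it does not, this critical template never matches even on an affected version, though I cannot confirm the readme's content from the diff. Since the request path already pins the plugin and the extractor already requires a `Stable tag` line, I would either drop the word matcher or match the display name with `case-insensitive: true`. The same question applies to `zemanta` in CVE-2024-9626.yaml and `wp-social` in CVE-2024-9501.yaml, where slug and plugin name also differ.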
@@ -0,0 +1,59 @@ +id: CVE-2024-9931 + +info: + name: > + Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator + author: topscoder + severity: critical + description: > + The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/494ef738-c900-4d00-8739-3b261586d4ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9931 + metadata: + fofa-query: "wp-content/plugins/wux-blog-editor/" + google-query: inurl:"/wp-content/plugins/wux-blog-editor/" + shodan-query: 'vuln:CVE-2024-9931' + tags: cve,wordpress,wp-plugin,wux-blog-editor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wux-blog-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wux-blog-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9932.yaml b/poc/cve/CVE-2024-9932.yaml new file mode 100644 index 0000000000..8f8ee1efbf --- /dev/null +++ b/poc/cve/CVE-2024-9932.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9932 + +info: + name: > + Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: critical + description: > + The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9932 + metadata: + fofa-query: "wp-content/plugins/wux-blog-editor/" + google-query: inurl:"/wp-content/plugins/wux-blog-editor/" + shodan-query: 'vuln:CVE-2024-9932' + tags: cve,wordpress,wp-plugin,wux-blog-editor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wux-blog-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wux-blog-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9933.yaml b/poc/cve/CVE-2024-9933.yaml new file mode 100644 index 0000000000..ae96e375d2 --- /dev/null +++ b/poc/cve/CVE-2024-9933.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9933 + +info: + name: > + WatchTowerHQ <= 3.9.6 - Authentication Bypass to Administrator due to Missing Empty Value Check + author: topscoder + severity: critical + description: > + The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50349086-e7b0-4f73-8722-1367cc05180e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-9933 + metadata: + fofa-query: "wp-content/plugins/watchtowerhq/" + google-query: inurl:"/wp-content/plugins/watchtowerhq/" + shodan-query: 'vuln:CVE-2024-9933' + tags: cve,wordpress,wp-plugin,watchtowerhq,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watchtowerhq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watchtowerhq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9967.yaml b/poc/cve/CVE-2024-9967.yaml new file mode 100644 index 0000000000..e49f23b9fa --- /dev/null +++ b/poc/cve/CVE-2024-9967.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9967 + +info: + name: > + WP show more <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_more Shortcode + author: topscoder + severity: low + description: > + The WP show more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's show_more shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1de269b5-7262-45c8-8819-00982f196597?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9967 + metadata: + fofa-query: "wp-content/plugins/wp-show-more/" + google-query: inurl:"/wp-content/plugins/wp-show-more/" + shodan-query: 'vuln:CVE-2024-9967' + tags: cve,wordpress,wp-plugin,wp-show-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-show-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-show-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/poc/other/editor-custom-color-palette.yaml b/poc/other/editor-custom-color-palette.yaml new file mode 100644 index 0000000000..498459c921 --- /dev/null +++ b/poc/other/editor-custom-color-palette.yaml 
@@ -0,0 +1,59 @@
+id: editor-custom-color-palette
+
+info:
+ name: >
+ Editor Custom Color Palette <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e7f858c-945c-4d12-a2a6-113449ad890a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/editor-custom-color-palette/"
+ google-query: inurl:"/wp-content/plugins/editor-custom-color-palette/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,editor-custom-color-palette,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/editor-custom-color-palette/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "editor-custom-color-palette"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3.7')
\ No newline at end of file
diff --git a/poc/other/idsk-toolkit.yaml b/poc/other/idsk-toolkit.yaml
new file mode 100644
index 0000000000..0cc4064f46
--- /dev/null
+++ b/poc/other/idsk-toolkit.yaml
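Review bot: The `info` block is committed with placeholder metadata: `description: >` folds to no text, `cvss-metrics:`, `cvss-score:` and `cve-id:` are bare keys that parse as null, `shodan-query: 'vuln:'` names no identifier, and `tags:` still begins with `cve` although no CVE is recorded. I would drop the three empty classification keys and the `shodan-query` line, change the tags to `tags: wordpress,wp-plugin,editor-custom-color-palette,low`, and fill the description from the Wordfence entry in `reference`. With no score present the `severity` value also cannot be cross-checked from the template alone. The same placeholders appear in the hunks for idsk-toolkit, pripre, sb-core, sogrid, uix-shortcodes, user-toolkit, wux-blog-editor, zemanta, monkee-boy-wp-essentials, wp-awesome-login and wp-show-more.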
@@ -0,0 +1,59 @@
+id: idsk-toolkit
+
+info:
+ name: >
+ ID-SK Toolkit <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/001b452e-3f8a-4605-b77a-ba8fbd0d79d7?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/idsk-toolkit/"
+ google-query: inurl:"/wp-content/plugins/idsk-toolkit/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,idsk-toolkit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/idsk-toolkit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "idsk-toolkit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.2')
\ No newline at end of file
diff --git a/poc/other/pripre.yaml b/poc/other/pripre.yaml
new file mode 100644
index 0000000000..234fba00c6
--- /dev/null
+++ b/poc/other/pripre.yaml
@@ -0,0 +1,59 @@
+id: pripre
+
+info:
+ name: >
+ PriPre <= 0.4.11 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6662fee4-7e04-492f-bf79-2c915da92c92?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/pripre/"
+ google-query: inurl:"/wp-content/plugins/pripre/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,pripre,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pripre/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pripre"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.4.11')
\ No newline at end of file
diff --git a/poc/other/sb-core.yaml b/poc/other/sb-core.yaml
new file mode 100644
index 0000000000..2bf9c99d1b
--- /dev/null
+++ b/poc/other/sb-core.yaml
@@ -0,0 +1,59 @@
+id: sb-core
+
+info:
+ name: >
+ Extensions by HocWP Team <= 0.2.3.2 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca3775db-0722-4090-924e-81e38d5dce97?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/sb-core/"
+ google-query: inurl:"/wp-content/plugins/sb-core/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,sb-core,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sb-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sb-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.2.3.2')
\ No newline at end of file
diff --git a/poc/other/sogrid.yaml b/poc/other/sogrid.yaml
new file mode 100644
index 0000000000..32f9eb12cd
--- /dev/null
+++ b/poc/other/sogrid.yaml
@@ -0,0 +1,59 @@
+id: sogrid
+
+info:
+ name: >
+ WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.2 - Authenticated (Admin+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/62d81e01-9b6e-48e9-b9da-85444a3694e7?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/sogrid/"
+ google-query: inurl:"/wp-content/plugins/sogrid/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,sogrid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sogrid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sogrid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.2')
\ No newline at end of file
diff --git a/poc/other/uix-shortcodes.yaml b/poc/other/uix-shortcodes.yaml
new file mode 100644
index 0000000000..c4d56809cd
--- /dev/null
+++ b/poc/other/uix-shortcodes.yaml
@@ -0,0 +1,59 @@
+id: uix-shortcodes
+
+info:
+ name: >
+ Uix Shortcodes – Compatible with Gutenberg <= 1.9.9 - Unauthenticated Arbitrary Shortcode Execution
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3000758d-68e0-46a6-aef0-e2407a828168?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/uix-shortcodes/"
+ google-query: inurl:"/wp-content/plugins/uix-shortcodes/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,uix-shortcodes,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/uix-shortcodes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "uix-shortcodes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.9')
\ No newline at end of file
diff --git a/poc/other/user-toolkit.yaml b/poc/other/user-toolkit.yaml
new file mode 100644
index 0000000000..0275250131
--- /dev/null
+++ b/poc/other/user-toolkit.yaml
@@ -0,0 +1,59 @@
+id: user-toolkit
+
+info:
+ name: >
+ User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/805f18e2-9a5a-48cf-81f4-825da4bfd8ef?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/user-toolkit/"
+ google-query: inurl:"/wp-content/plugins/user-toolkit/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,user-toolkit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/user-toolkit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "user-toolkit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.3')
\ No newline at end of file
diff --git a/poc/other/wux-blog-editor.yaml b/poc/other/wux-blog-editor.yaml
new file mode 100644
index 0000000000..362b6e1bd6
--- /dev/null
+++ b/poc/other/wux-blog-editor.yaml
@@ -0,0 +1,59 @@
+id: wux-blog-editor
+
+info:
+ name: >
+ Wux Blog Editor <= 3.0.0 - Authentication Bypass to Administrator
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/494ef738-c900-4d00-8739-3b261586d4ff?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wux-blog-editor/"
+ google-query: inurl:"/wp-content/plugins/wux-blog-editor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wux-blog-editor,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wux-blog-editor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wux-blog-editor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
diff --git a/poc/other/zemanta.yaml b/poc/other/zemanta.yaml
new file mode 100644
index 0000000000..0b29490940
--- /dev/null
+++ b/poc/other/zemanta.yaml
@@ -0,0 +1,59 @@
+id: zemanta
+
+info:
+ name: >
+ Editorial Assistant by Sovrn <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Attachment Upload and Set Post Featured Image
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8775662f-d007-4edf-826e-f755d7b11c25?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/zemanta/"
+ google-query: inurl:"/wp-content/plugins/zemanta/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,zemanta,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/zemanta/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zemanta"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.3')
\ No newline at end of file
diff --git a/poc/wordpress/monkee-boy-wp-essentials.yaml b/poc/wordpress/monkee-boy-wp-essentials.yaml
new file mode 100644
index 0000000000..3ba35f0c63
--- /dev/null
+++ b/poc/wordpress/monkee-boy-wp-essentials.yaml
@@ -0,0 +1,59 @@
+id: monkee-boy-wp-essentials
+
+info:
+ name: >
+ Monkee-Boy Essentials <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c44c1a50-e282-4a5b-8b7f-1021c9d6f58e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/monkee-boy-wp-essentials/"
+ google-query: inurl:"/wp-content/plugins/monkee-boy-wp-essentials/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,monkee-boy-wp-essentials,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/monkee-boy-wp-essentials/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "monkee-boy-wp-essentials"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-awesome-login.yaml b/poc/wordpress/wp-awesome-login.yaml
new file mode 100644
index 0000000000..1e53cec140
--- /dev/null
+++ b/poc/wordpress/wp-awesome-login.yaml
@@ -0,0 +1,59 @@
+id: wp-awesome-login
+
+info:
+ name: >
+ WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0841127c-fe81-47b1-964f-15e006f618af?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-awesome-login/"
+ google-query: inurl:"/wp-content/plugins/wp-awesome-login/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-awesome-login,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-awesome-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-awesome-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.4.0')
\ No newline at end of file
diff --git a/poc/wordpress/wp-show-more.yaml b/poc/wordpress/wp-show-more.yaml
new file mode 100644
index 0000000000..5b5625bec8
--- /dev/null
+++ b/poc/wordpress/wp-show-more.yaml
@@ -0,0 +1,59 @@
+id: wp-show-more
+
+info:
+ name: >
+ WP show more <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_more Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1de269b5-7262-45c8-8819-00982f196597?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-show-more/"
+ google-query: inurl:"/wp-content/plugins/wp-show-more/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-show-more,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-show-more/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-show-more"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
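Review bot: This template duplicates `poc/cve/CVE-2024-9967.yaml`, added earlier in the same commit: it carries the same Wordfence id (`1de269b5-7262-45c8-8819-00982f196597`), requests the same `readme.txt` and ends in the same `compare_versions(version, '<= 1.0.7')` check, but with `cve-id:`, the CVSS fields and the description left empty. A scan that loads both would report one installation twice under two ids, and the copy here loses the link to the CVE for anyone deduplicating or tracking remediation by identifier. I would either drop this file or set `cve-id: CVE-2024-9967` and copy the classification and description from the CVE-named template.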