20241011

date.txt

@@ -1 +1 @@
-20241010
+20241011

poc/auth/author-avatars-ea26b7b4351d1c727a13f54ec8c77adc.yaml

@@ -0,0 +1,59 @@
+id: author-avatars-ea26b7b4351d1c727a13f54ec8c77adc
+
+info:
+  name: >
+    Author Avatars List/Block <= 2.1.21 - Authenticated (Subscriber+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b9aaafb-cb39-4a3b-85db-d0a8e9498d60?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/author-avatars/"
+    google-query: inurl:"/wp-content/plugins/author-avatars/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,author-avatars,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/author-avatars/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "author-avatars"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 2.1.21')

poc/auth/cssjockey-add-ons.yaml

@@ -0,0 +1,59 @@
+id: cssjockey-add-ons
+
+info:
+  name: >
+    WP Builder <= 3.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/041c21fb-f2f0-45cb-b3ae-20f3ae22c947?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/cssjockey-add-ons/"
+    google-query: inurl:"/wp-content/plugins/cssjockey-add-ons/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,cssjockey-add-ons,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/cssjockey-add-ons/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "cssjockey-add-ons"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.0.7')

poc/auth/simple-membership-after-login-redirection-85e327a5d6d50220e697bef330baf141.yaml

@@ -0,0 +1,59 @@
+id: simple-membership-after-login-redirection-85e327a5d6d50220e697bef330baf141
+
+info:
+  name: >
+    Simple Membership After Login Redirection <= 1.6 - Open Redirect
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f959e61-16cf-4260-b21b-8edb95a3cd65?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/simple-membership-after-login-redirection/"
+    google-query: inurl:"/wp-content/plugins/simple-membership-after-login-redirection/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,simple-membership-after-login-redirection,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/simple-membership-after-login-redirection/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "simple-membership-after-login-redirection"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.6')

poc/auth/wp-webauthn-f28b000296f06a779e749742a94d7bfb.yaml

@@ -0,0 +1,59 @@
+id: wp-webauthn-f28b000296f06a779e749742a94d7bfb
+
+info:
+  name: >
+    WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+  author: topscoder
+  severity: low
+  description: >
+    
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bffed25-d7f0-40de-a55d-42653aff0673?source=api-scan
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: 
+  metadata:
+    fofa-query: "wp-content/plugins/wp-webauthn/"
+    google-query: inurl:"/wp-content/plugins/wp-webauthn/"
+    shodan-query: 'vuln:'
+  tags: cve,wordpress,wp-plugin,wp-webauthn,low
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/wp-webauthn/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "wp-webauthn"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.3.1')

poc/aws/CVE-2024-9436-72a457058cb05b316cebd946dd84ec21.yaml

@@ -0,0 +1,59 @@
+id: CVE-2024-9436-72a457058cb05b316cebd946dd84ec21
+
+info:
+  name: >
+    PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/982bc924-1dcd-47b5-b15a-4ff0ad123ad1?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-9436
+  metadata:
+    fofa-query: "wp-content/plugins/revisionary/"
+    google-query: inurl:"/wp-content/plugins/revisionary/"
+    shodan-query: 'vuln:CVE-2024-9436'
+  tags: cve,wordpress,wp-plugin,revisionary,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/revisionary/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "revisionary"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 3.5.14')

poc/cve/CVE-2024-44002-1fba8b0f3e2abed1d7cbeb91a80d70ee.yaml

@@ -0,0 +1,59 @@
+id: CVE-2024-44002-1fba8b0f3e2abed1d7cbeb91a80d70ee
+
+info:
+  name: >
+    Team Showcase <= 1.22.25 - Reflected Cross-Site Scripting
+  author: topscoder
+  severity: medium
+  description: >
+    The Team Showcase plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.22.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+  reference:
+    - https://github.com/topscoder/nuclei-wordfence-cve
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/328c2df0-e8e9-46e8-a95d-d0b65f9d2f0b?source=api-prod
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 6.1
+    cve-id: CVE-2024-44002
+  metadata:
+    fofa-query: "wp-content/plugins/team/"
+    google-query: inurl:"/wp-content/plugins/team/"
+    shodan-query: 'vuln:CVE-2024-44002'
+  tags: cve,wordpress,wp-plugin,team,medium
+
+http:
+  - method: GET
+    redirects: true
+    max-redirects: 3
+    path:
+      - "{{BaseURL}}/wp-content/plugins/team/readme.txt"
+
+    extractors:
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        internal: true
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+      - type: regex
+        name: version
+        part: body
+        group: 1
+        regex:
+          - "(?mi)Stable tag: ([0-9.]+)"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "team"
+        part: body
+
+      - type: dsl
+        dsl:
+          - compare_versions(version, '<= 1.22.25')