From c2b4ca55eec7a8d21622b3411ba6dd8c1491c4ad Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Sat, 12 Oct 2024 12:37:27 +0000 Subject: [PATCH] 20241012 --- date.txt | 2 +- poc.txt | 172 ++++++++++++++++++ ...le-membership-after-login-redirection.yaml | 59 ++++++ ...thor-3f4de7ecb8586f0c99558a166624662d.yaml | 59 ++++++ ...core-d2d00414cf6e61ec23999dd4278c171a.yaml | 59 ++++++ poc/cve/CVE-2024-44010.yaml | 59 ++++++ poc/cve/CVE-2024-45454.yaml | 59 ++++++ poc/cve/CVE-2024-47348.yaml | 59 ++++++ poc/cve/CVE-2024-47349.yaml | 59 ++++++ poc/cve/CVE-2024-47350.yaml | 59 ++++++ poc/cve/CVE-2024-47351.yaml | 59 ++++++ poc/cve/CVE-2024-47352.yaml | 59 ++++++ poc/cve/CVE-2024-47353.yaml | 59 ++++++ poc/cve/CVE-2024-47354.yaml | 59 ++++++ poc/cve/CVE-2024-47355.yaml | 59 ++++++ poc/cve/CVE-2024-47356.yaml | 59 ++++++ poc/cve/CVE-2024-47357.yaml | 59 ++++++ poc/cve/CVE-2024-47358.yaml | 59 ++++++ poc/cve/CVE-2024-47359.yaml | 59 ++++++ poc/cve/CVE-2024-47360.yaml | 59 ++++++ poc/cve/CVE-2024-47361.yaml | 59 ++++++ poc/cve/CVE-2024-47362.yaml | 59 ++++++ poc/cve/CVE-2024-47363.yaml | 59 ++++++ poc/cve/CVE-2024-47364.yaml | 59 ++++++ poc/cve/CVE-2024-47365.yaml | 59 ++++++ poc/cve/CVE-2024-47366.yaml | 59 ++++++ poc/cve/CVE-2024-47367.yaml | 59 ++++++ poc/cve/CVE-2024-47368.yaml | 59 ++++++ poc/cve/CVE-2024-47369.yaml | 59 ++++++ poc/cve/CVE-2024-47370.yaml | 59 ++++++ poc/cve/CVE-2024-47371.yaml | 59 ++++++ poc/cve/CVE-2024-47372.yaml | 59 ++++++ poc/cve/CVE-2024-47373.yaml | 59 ++++++ poc/cve/CVE-2024-47375.yaml | 59 ++++++ poc/cve/CVE-2024-47376.yaml | 59 ++++++ poc/cve/CVE-2024-47377.yaml | 59 ++++++ poc/cve/CVE-2024-47378.yaml | 59 ++++++ poc/cve/CVE-2024-47379.yaml | 59 ++++++ poc/cve/CVE-2024-47380.yaml | 59 ++++++ poc/cve/CVE-2024-47381.yaml | 59 ++++++ poc/cve/CVE-2024-47382.yaml | 59 ++++++ poc/cve/CVE-2024-47383.yaml | 59 ++++++ poc/cve/CVE-2024-47384.yaml | 59 ++++++ poc/cve/CVE-2024-47385.yaml | 59 ++++++ poc/cve/CVE-2024-47386.yaml | 59 ++++++ poc/cve/CVE-2024-47387.yaml | 59 ++++++ poc/cve/CVE-2024-47388.yaml | 59 ++++++ 
poc/cve/CVE-2024-47389.yaml | 59 ++++++ poc/cve/CVE-2024-47390.yaml | 59 ++++++ poc/cve/CVE-2024-47391.yaml | 59 ++++++ poc/cve/CVE-2024-47392.yaml | 59 ++++++ poc/cve/CVE-2024-47393.yaml | 59 ++++++ poc/cve/CVE-2024-47394.yaml | 59 ++++++ poc/cve/CVE-2024-47395.yaml | 59 ++++++ poc/cve/CVE-2024-47621.yaml | 59 ++++++ poc/cve/CVE-2024-47622.yaml | 59 ++++++ poc/cve/CVE-2024-47623.yaml | 59 ++++++ poc/cve/CVE-2024-47624.yaml | 59 ++++++ poc/cve/CVE-2024-47625.yaml | 59 ++++++ poc/cve/CVE-2024-47626.yaml | 59 ++++++ poc/cve/CVE-2024-47627.yaml | 59 ++++++ poc/cve/CVE-2024-47628.yaml | 59 ++++++ poc/cve/CVE-2024-47629.yaml | 59 ++++++ poc/cve/CVE-2024-47630.yaml | 59 ++++++ poc/cve/CVE-2024-47631.yaml | 59 ++++++ poc/cve/CVE-2024-47632.yaml | 59 ++++++ poc/cve/CVE-2024-47633.yaml | 59 ++++++ poc/cve/CVE-2024-47634.yaml | 59 ++++++ poc/cve/CVE-2024-47635.yaml | 59 ++++++ poc/cve/CVE-2024-47636.yaml | 59 ++++++ poc/cve/CVE-2024-47637.yaml | 59 ++++++ poc/cve/CVE-2024-47638.yaml | 59 ++++++ poc/cve/CVE-2024-47639.yaml | 59 ++++++ poc/cve/CVE-2024-47642.yaml | 59 ++++++ poc/cve/CVE-2024-47643.yaml | 59 ++++++ poc/cve/CVE-2024-47644.yaml | 59 ++++++ poc/cve/CVE-2024-47645.yaml | 59 ++++++ poc/cve/CVE-2024-47646.yaml | 59 ++++++ poc/cve/CVE-2024-47647.yaml | 59 ++++++ poc/cve/CVE-2024-47648.yaml | 59 ++++++ poc/cve/CVE-2024-47649.yaml | 59 ++++++ poc/cve/CVE-2024-47650.yaml | 59 ++++++ ...7489-aa8f1735fc553f9668252fa41454f24d.yaml | 59 ++++++ poc/cve/CVE-2024-7514.yaml | 60 ++++++ ...8492-94675fec1abc838fe0b6b303f8fc36d8.yaml | 59 ++++++ ...8493-187c32b4472ed4bbe2ad3f6482869576.yaml | 59 ++++++ ...8619-68e42e392b92a31acf5085fd0331fe98.yaml | 59 ++++++ ...8757-234bd8d60a5f32f1b24409ba56f236a6.yaml | 59 ++++++ ...8760-97bda91e9d60d0f1065494ed99fe53b7.yaml | 59 ++++++ ...8902-973a09e850f27d16cf400f1ff83278bd.yaml | 59 ++++++ poc/cve/CVE-2024-8913.yaml | 59 ++++++ ...8915-c96fbadd6669597791ff972bbeeaf8cd.yaml | 59 ++++++ ...9047-4fa9dae40fda722965808b936ffa6acb.yaml | 59 ++++++ 
poc/cve/CVE-2024-9051.yaml | 59 ++++++ ...9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml | 59 ++++++ poc/cve/CVE-2024-9211.yaml | 59 ++++++ poc/cve/CVE-2024-9221.yaml | 59 ++++++ poc/cve/CVE-2024-9232.yaml | 59 ++++++ poc/cve/CVE-2024-9234.yaml | 59 ++++++ poc/cve/CVE-2024-9346.yaml | 59 ++++++ poc/cve/CVE-2024-9436.yaml | 59 ++++++ poc/cve/CVE-2024-9507.yaml | 59 ++++++ poc/cve/CVE-2024-9538.yaml | 59 ++++++ poc/cve/CVE-2024-9543.yaml | 59 ++++++ poc/cve/CVE-2024-9586.yaml | 59 ++++++ poc/cve/CVE-2024-9587.yaml | 59 ++++++ ...9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml | 59 ++++++ ...9595-0c12058c023c26b1446aa326839994fd.yaml | 59 ++++++ poc/cve/CVE-2024-9610.yaml | 59 ++++++ poc/cve/CVE-2024-9611.yaml | 59 ++++++ poc/cve/CVE-2024-9616.yaml | 59 ++++++ ...9656-5e11b0669cd68a7b45a069c732842ecd.yaml | 59 ++++++ ...9670-590d40c02bbb47b092deffa0e1d25829.yaml | 59 ++++++ ...9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml | 59 ++++++ ...9704-f21a430d525f14c5222622c2499dbc1f.yaml | 59 ++++++ poc/cve/CVE-2024-9707.yaml | 59 ++++++ ...9756-64a408f630e792f3ff717cc9822672de.yaml | 59 ++++++ ...9776-b87b3db31f1eda93892f1d85c0aa0846.yaml | 59 ++++++ ...9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml | 59 ++++++ ...9821-3c976b43c465f64b4e1fa1afc3ed719b.yaml | 59 ++++++ poc/cve/CVE-2024-9822.yaml | 59 ++++++ ...9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml | 59 ++++++ ...9860-b04ee97e5d460a289f93568831e0cf5e.yaml | 59 ++++++ poc/cve/cve-2004-0519-1306.yaml | 5 + poc/cve/cve-2018-11784-3214.yaml | 3 + poc/cve/cve-2018-16761-3398.yaml | 3 + poc/cve/cve-2018-19439-3475.yaml | 2 + poc/cve/cve-2018-8719-3640.yaml | 4 + poc/cve/cve-2019-15713-3884.yaml | 5 + poc/cve/cve-2019-20141-4079.yaml | 6 +- poc/cve/cve-2019-5127-4160.yaml | 5 + poc/cve/cve-2019-8937-4274.yaml | 3 + poc/cve/cve-2021-21975-5561.yaml | 3 + ...le-membership-after-login-redirection.yaml | 59 ++++++ ...ujin-f775dedf778f01d96f3cf104b4a5ff00.yaml | 59 ++++++ ...lder-1c9e26180c0458c7b22a8f5c9fac5359.yaml | 59 ++++++ 
...tically-hierarchic-categories-in-menu.yaml | 59 ++++++ ...icon-1ba7a71509a41771343e0fdcceeb4a9f.yaml | 59 ++++++ poc/other/copyscape-premium.yaml | 59 ++++++ poc/other/cozy-addons.yaml | 59 ++++++ poc/other/create.yaml | 59 ++++++ poc/other/full-frame.yaml | 59 ++++++ poc/other/gallery-lightbox-slider.yaml | 59 ++++++ poc/other/gutenkit-blocks-addon.yaml | 59 ++++++ poc/other/hunk-companion.yaml | 59 ++++++ poc/other/iconize.yaml | 59 ++++++ ...lery-5cfbe2b947bf468de048d29d22757022.yaml | 59 ++++++ ...lery-8c902b296c6de2f23311d1cc4dcb0519.yaml | 59 ++++++ ...lery-a62704cbf770b776cbd66d817df952f0.yaml | 59 ++++++ poc/other/include-fussball-de-widgets.yaml | 59 ++++++ poc/other/language-switcher.yaml | 59 ++++++ poc/other/linkz-ai.yaml | 59 ++++++ poc/other/maxslider.yaml | 59 ++++++ poc/other/metasync.yaml | 59 ++++++ ...lder-e5ef52784bd604a03534c96c5c5b985d.yaml | 59 ++++++ ...cate-7a1c89e0233f23e5f8c8d08caace9488.yaml | 59 ++++++ poc/other/pedalo-connector.yaml | 59 ++++++ ...more-948d18a9ecd43f2950c17fb1b54f2e66.yaml | 59 ++++++ ...odes-5be8dc0066a80e59bb7593a87c0fc14c.yaml | 59 ++++++ ...esponsive-client-logo-carousel-slider.yaml | 59 ++++++ poc/other/revisionary.yaml | 59 ++++++ ...ocks-290415cadef9c19a55802d0694d0c4ba.yaml | 59 ++++++ ...ress-32c13893c2404906ff08443b389c0f94.yaml | 59 ++++++ ...ndar-a1141cabd552a0d37d25ef7fd91f243f.yaml | 59 ++++++ poc/other/tiny-compress-images.yaml | 59 ++++++ poc/other/vdocipher.yaml | 59 ++++++ poc/other/video-embed-privacy.yaml | 59 ++++++ poc/other/woo-save-abandoned-carts.yaml | 59 ++++++ poc/other/xl-tab.yaml | 59 ++++++ ...erce-95e4471cf7b0cdfb6c9aec1a9d40a0ae.yaml | 59 ++++++ ...erce-d72cf819fcb5997a2922f8848f39656f.yaml | 59 ++++++ ...lite-e7ba06e90ec10cb19dc2494089497f4f.yaml | 59 ++++++ ...ring-89c738e746dab8d430975f04439c54b6.yaml | 59 ++++++ ...9704-f21a430d525f14c5222622c2499dbc1f.yaml | 59 ++++++ ...9776-b87b3db31f1eda93892f1d85c0aa0846.yaml | 59 ++++++ ...9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml | 59 
++++++ ...ile-size-maximum-execution-time-limit.yaml | 59 ++++++ ...load-439c10683c6c205110b225b20910cc36.yaml | 59 ++++++ ...p-wp-6180a3b6b3e533e17e26dc2174349f0a.yaml | 59 ++++++ ...opup-705de09e622918c55b7a1ab10bf33e2a.yaml | 59 ++++++ poc/wordpress/wp-bulk-delete.yaml | 59 ++++++ ...load-439c10683c6c205110b225b20910cc36.yaml | 59 ++++++ poc/wordpress/wp-mylinks.yaml | 59 ++++++ ...thor-3f4de7ecb8586f0c99558a166624662d.yaml | 59 ++++++ 184 files changed, 10360 insertions(+), 2 deletions(-) create mode 100644 poc/auth/simple-membership-after-login-redirection.yaml create mode 100644 poc/auth/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml create mode 100644 poc/aws/bridge-core-d2d00414cf6e61ec23999dd4278c171a.yaml create mode 100644 poc/cve/CVE-2024-44010.yaml create mode 100644 poc/cve/CVE-2024-45454.yaml create mode 100644 poc/cve/CVE-2024-47348.yaml create mode 100644 poc/cve/CVE-2024-47349.yaml create mode 100644 poc/cve/CVE-2024-47350.yaml create mode 100644 poc/cve/CVE-2024-47351.yaml create mode 100644 poc/cve/CVE-2024-47352.yaml create mode 100644 poc/cve/CVE-2024-47353.yaml create mode 100644 poc/cve/CVE-2024-47354.yaml create mode 100644 poc/cve/CVE-2024-47355.yaml create mode 100644 poc/cve/CVE-2024-47356.yaml create mode 100644 poc/cve/CVE-2024-47357.yaml create mode 100644 poc/cve/CVE-2024-47358.yaml create mode 100644 poc/cve/CVE-2024-47359.yaml create mode 100644 poc/cve/CVE-2024-47360.yaml create mode 100644 poc/cve/CVE-2024-47361.yaml create mode 100644 poc/cve/CVE-2024-47362.yaml create mode 100644 poc/cve/CVE-2024-47363.yaml create mode 100644 poc/cve/CVE-2024-47364.yaml create mode 100644 poc/cve/CVE-2024-47365.yaml create mode 100644 poc/cve/CVE-2024-47366.yaml create mode 100644 poc/cve/CVE-2024-47367.yaml create mode 100644 poc/cve/CVE-2024-47368.yaml create mode 100644 poc/cve/CVE-2024-47369.yaml create mode 100644 poc/cve/CVE-2024-47370.yaml create mode 100644 poc/cve/CVE-2024-47371.yaml create mode 100644 poc/cve/CVE-2024-47372.yaml 
create mode 100644 poc/cve/CVE-2024-47373.yaml create mode 100644 poc/cve/CVE-2024-47375.yaml create mode 100644 poc/cve/CVE-2024-47376.yaml create mode 100644 poc/cve/CVE-2024-47377.yaml create mode 100644 poc/cve/CVE-2024-47378.yaml create mode 100644 poc/cve/CVE-2024-47379.yaml create mode 100644 poc/cve/CVE-2024-47380.yaml create mode 100644 poc/cve/CVE-2024-47381.yaml create mode 100644 poc/cve/CVE-2024-47382.yaml create mode 100644 poc/cve/CVE-2024-47383.yaml create mode 100644 poc/cve/CVE-2024-47384.yaml create mode 100644 poc/cve/CVE-2024-47385.yaml create mode 100644 poc/cve/CVE-2024-47386.yaml create mode 100644 poc/cve/CVE-2024-47387.yaml create mode 100644 poc/cve/CVE-2024-47388.yaml create mode 100644 poc/cve/CVE-2024-47389.yaml create mode 100644 poc/cve/CVE-2024-47390.yaml create mode 100644 poc/cve/CVE-2024-47391.yaml create mode 100644 poc/cve/CVE-2024-47392.yaml create mode 100644 poc/cve/CVE-2024-47393.yaml create mode 100644 poc/cve/CVE-2024-47394.yaml create mode 100644 poc/cve/CVE-2024-47395.yaml create mode 100644 poc/cve/CVE-2024-47621.yaml create mode 100644 poc/cve/CVE-2024-47622.yaml create mode 100644 poc/cve/CVE-2024-47623.yaml create mode 100644 poc/cve/CVE-2024-47624.yaml create mode 100644 poc/cve/CVE-2024-47625.yaml create mode 100644 poc/cve/CVE-2024-47626.yaml create mode 100644 poc/cve/CVE-2024-47627.yaml create mode 100644 poc/cve/CVE-2024-47628.yaml create mode 100644 poc/cve/CVE-2024-47629.yaml create mode 100644 poc/cve/CVE-2024-47630.yaml create mode 100644 poc/cve/CVE-2024-47631.yaml create mode 100644 poc/cve/CVE-2024-47632.yaml create mode 100644 poc/cve/CVE-2024-47633.yaml create mode 100644 poc/cve/CVE-2024-47634.yaml create mode 100644 poc/cve/CVE-2024-47635.yaml create mode 100644 poc/cve/CVE-2024-47636.yaml create mode 100644 poc/cve/CVE-2024-47637.yaml create mode 100644 poc/cve/CVE-2024-47638.yaml create mode 100644 poc/cve/CVE-2024-47639.yaml create mode 100644 poc/cve/CVE-2024-47642.yaml create mode 100644 
poc/cve/CVE-2024-47643.yaml create mode 100644 poc/cve/CVE-2024-47644.yaml create mode 100644 poc/cve/CVE-2024-47645.yaml create mode 100644 poc/cve/CVE-2024-47646.yaml create mode 100644 poc/cve/CVE-2024-47647.yaml create mode 100644 poc/cve/CVE-2024-47648.yaml create mode 100644 poc/cve/CVE-2024-47649.yaml create mode 100644 poc/cve/CVE-2024-47650.yaml create mode 100644 poc/cve/CVE-2024-7489-aa8f1735fc553f9668252fa41454f24d.yaml create mode 100644 poc/cve/CVE-2024-7514.yaml create mode 100644 poc/cve/CVE-2024-8492-94675fec1abc838fe0b6b303f8fc36d8.yaml create mode 100644 poc/cve/CVE-2024-8493-187c32b4472ed4bbe2ad3f6482869576.yaml create mode 100644 poc/cve/CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98.yaml create mode 100644 poc/cve/CVE-2024-8757-234bd8d60a5f32f1b24409ba56f236a6.yaml create mode 100644 poc/cve/CVE-2024-8760-97bda91e9d60d0f1065494ed99fe53b7.yaml create mode 100644 poc/cve/CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd.yaml create mode 100644 poc/cve/CVE-2024-8913.yaml create mode 100644 poc/cve/CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd.yaml create mode 100644 poc/cve/CVE-2024-9047-4fa9dae40fda722965808b936ffa6acb.yaml create mode 100644 poc/cve/CVE-2024-9051.yaml create mode 100644 poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml create mode 100644 poc/cve/CVE-2024-9211.yaml create mode 100644 poc/cve/CVE-2024-9221.yaml create mode 100644 poc/cve/CVE-2024-9232.yaml create mode 100644 poc/cve/CVE-2024-9234.yaml create mode 100644 poc/cve/CVE-2024-9346.yaml create mode 100644 poc/cve/CVE-2024-9436.yaml create mode 100644 poc/cve/CVE-2024-9507.yaml create mode 100644 poc/cve/CVE-2024-9538.yaml create mode 100644 poc/cve/CVE-2024-9543.yaml create mode 100644 poc/cve/CVE-2024-9586.yaml create mode 100644 poc/cve/CVE-2024-9587.yaml create mode 100644 poc/cve/CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml create mode 100644 poc/cve/CVE-2024-9595-0c12058c023c26b1446aa326839994fd.yaml create mode 100644 poc/cve/CVE-2024-9610.yaml 
create mode 100644 poc/cve/CVE-2024-9611.yaml create mode 100644 poc/cve/CVE-2024-9616.yaml create mode 100644 poc/cve/CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd.yaml create mode 100644 poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml create mode 100644 poc/cve/CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml create mode 100644 poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml create mode 100644 poc/cve/CVE-2024-9707.yaml create mode 100644 poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml create mode 100644 poc/cve/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml create mode 100644 poc/cve/CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml create mode 100644 poc/cve/CVE-2024-9821-3c976b43c465f64b4e1fa1afc3ed719b.yaml create mode 100644 poc/cve/CVE-2024-9822.yaml create mode 100644 poc/cve/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml create mode 100644 poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml create mode 100644 poc/open_redirect/simple-membership-after-login-redirection.yaml create mode 100644 poc/other/2d-tag-cloud-widget-by-sujin-f775dedf778f01d96f3cf104b4a5ff00.yaml create mode 100644 poc/other/addon-elements-for-elementor-page-builder-1c9e26180c0458c7b22a8f5c9fac5359.yaml create mode 100644 poc/other/automatically-hierarchic-categories-in-menu.yaml create mode 100644 poc/other/category-icon-1ba7a71509a41771343e0fdcceeb4a9f.yaml create mode 100644 poc/other/copyscape-premium.yaml create mode 100644 poc/other/cozy-addons.yaml create mode 100644 poc/other/create.yaml create mode 100644 poc/other/full-frame.yaml create mode 100644 poc/other/gallery-lightbox-slider.yaml create mode 100644 poc/other/gutenkit-blocks-addon.yaml create mode 100644 poc/other/hunk-companion.yaml create mode 100644 poc/other/iconize.yaml create mode 100644 poc/other/image-gallery-5cfbe2b947bf468de048d29d22757022.yaml create mode 100644 poc/other/image-gallery-8c902b296c6de2f23311d1cc4dcb0519.yaml create mode 100644 
poc/other/image-gallery-a62704cbf770b776cbd66d817df952f0.yaml create mode 100644 poc/other/include-fussball-de-widgets.yaml create mode 100644 poc/other/language-switcher.yaml create mode 100644 poc/other/linkz-ai.yaml create mode 100644 poc/other/maxslider.yaml create mode 100644 poc/other/metasync.yaml create mode 100644 poc/other/mynx-page-builder-e5ef52784bd604a03534c96c5c5b985d.yaml create mode 100644 poc/other/paypal-gift-certificate-7a1c89e0233f23e5f8c8d08caace9488.yaml create mode 100644 poc/other/pedalo-connector.yaml create mode 100644 poc/other/read-more-948d18a9ecd43f2950c17fb1b54f2e66.yaml create mode 100644 poc/other/rescue-shortcodes-5be8dc0066a80e59bb7593a87c0fc14c.yaml create mode 100644 poc/other/responsive-client-logo-carousel-slider.yaml create mode 100644 poc/other/revisionary.yaml create mode 100644 poc/other/stackable-ultimate-gutenberg-blocks-290415cadef9c19a55802d0694d0c4ba.yaml create mode 100644 poc/other/tablepress-32c13893c2404906ff08443b389c0f94.yaml create mode 100644 poc/other/the-events-calendar-a1141cabd552a0d37d25ef7fd91f243f.yaml create mode 100644 poc/other/tiny-compress-images.yaml create mode 100644 poc/other/vdocipher.yaml create mode 100644 poc/other/video-embed-privacy.yaml create mode 100644 poc/other/woo-save-abandoned-carts.yaml create mode 100644 poc/other/xl-tab.yaml create mode 100644 poc/remote_code_execution/bot-for-telegram-on-woocommerce-95e4471cf7b0cdfb6c9aec1a9d40a0ae.yaml create mode 100644 poc/remote_code_execution/order-attachments-for-woocommerce-d72cf819fcb5997a2922f8848f39656f.yaml create mode 100644 poc/search/ajax-search-lite-e7ba06e90ec10cb19dc2494089497f4f.yaml create mode 100644 poc/social/dvk-social-sharing-89c738e746dab8d430975f04439c54b6.yaml create mode 100644 poc/sql/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml create mode 100644 poc/sql/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml create mode 100644 poc/sql/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml create mode 100644 
poc/upload/increase-upload-file-size-maximum-execution-time-limit.yaml create mode 100644 poc/upload/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml create mode 100644 poc/wordpress/mailchimp-wp-6180a3b6b3e533e17e26dc2174349f0a.yaml create mode 100644 poc/wordpress/wordpress-popup-705de09e622918c55b7a1ab10bf33e2a.yaml create mode 100644 poc/wordpress/wp-bulk-delete.yaml create mode 100644 poc/wordpress/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml create mode 100644 poc/wordpress/wp-mylinks.yaml create mode 100644 poc/wordpress/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml
diff --git a/date.txt b/date.txt
index 1c5e89a484..4c61f9c24a 100644
--- a/date.txt
+++ b/date.txt
@@ -1 +1 @@
-20241011
+20241012
diff --git a/poc.txt b/poc.txt
index b6a03027ed..83a8951653 100644
--- a/poc.txt
+++ b/poc.txt
@@ -4981,6 +4981,7 @@
 ./poc/auth/simple-login-log-4cc94d16ccb03df1036d379efd7278e5.yaml
 ./poc/auth/simple-login-log.yaml
 ./poc/auth/simple-membership-after-login-redirection-85e327a5d6d50220e697bef330baf141.yaml
+./poc/auth/simple-membership-after-login-redirection.yaml
 ./poc/auth/simplesamlphp-authentication-f3c175d78e12da649ab69deea15f1f42.yaml
 ./poc/auth/simplesamlphp-authentication.yaml
 ./poc/auth/sitecore-login-10287.yaml
@@ -5703,6 +5704,7 @@
 ./poc/auth/wp-persistent-login-6477bf18cad6c823db485408d49b337b.yaml
 ./poc/auth/wp-persistent-login-e9da1de70651a35bb9b73728e0be1fd8.yaml
 ./poc/auth/wp-persistent-login.yaml
+./poc/auth/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml
 ./poc/auth/wp-post-author-46640ddca920a240fe1890d22cf85362.yaml
 ./poc/auth/wp-post-author-7d1b65ca652ea436aecffad9a54ff422.yaml
 ./poc/auth/wp-post-author-a78da0278c80430e84214732c8afbf50.yaml
@@ -6262,6 +6264,7 @@
 ./poc/aws/booking-system-977ec2121ba88a75805741a06eec4fe7.yaml
 ./poc/aws/booking-system-f6cec2337ae6685ae3d3eed6bf651927.yaml
 ./poc/aws/bp-group-documents-dd99678e1269634eec22746d04dd5202.yaml
+./poc/aws/bridge-core-d2d00414cf6e61ec23999dd4278c171a.yaml
 ./poc/aws/bws-latest-posts-bb25a03d02a3503eec7965043ec23dee.yaml
 ./poc/aws/campaign-url-builder-f91fa603c0ec2fd04761c1624724c21a.yaml
 ./poc/aws/cart-link-for-woocommerce-e481e0ec20b92768d7f00d8a159fc718.yaml
@@ -41058,6 +41061,7 @@
 ./poc/cve/CVE-2024-4401-d790d6521995cbca6bedf9a614f719bf.yaml
 ./poc/cve/CVE-2024-4401.yaml
 ./poc/cve/CVE-2024-44010-591dd9808579a385e9818122bf42d97a.yaml
+./poc/cve/CVE-2024-44010.yaml
 ./poc/cve/CVE-2024-44011-53463088715a3e72e7837d2cbf081bb8.yaml
 ./poc/cve/CVE-2024-44011.yaml
 ./poc/cve/CVE-2024-44012-784111425a2a488c0979bbf37ae2418d.yaml
@@ -41315,6 +41319,7 @@
 ./poc/cve/CVE-2024-45453-ca85bae5b1f28d61e1ee2efdc983f85e.yaml
 ./poc/cve/CVE-2024-45453.yaml
 ./poc/cve/CVE-2024-45454-31b465d4ea4ba3f42942eafda8e04e49.yaml
+./poc/cve/CVE-2024-45454.yaml
 ./poc/cve/CVE-2024-45455-5d0fc9e9d45ecb7c3ccdfc532a002289.yaml
 ./poc/cve/CVE-2024-45455.yaml
 ./poc/cve/CVE-2024-45456-e583507dd78f3f8d9d5a74fa3c23e2e4.yaml
@@ -41570,54 +41575,101 @@
 ./poc/cve/CVE-2024-47347-ae73a8e5d21a750008eb7d80b26137dd.yaml
 ./poc/cve/CVE-2024-47347.yaml
 ./poc/cve/CVE-2024-47348-c05f49c8ba7ab5e13d4604216f6ab497.yaml
+./poc/cve/CVE-2024-47348.yaml
 ./poc/cve/CVE-2024-47349-ca72ae91730fdbebffff7ea323886f8f.yaml
+./poc/cve/CVE-2024-47349.yaml
 ./poc/cve/CVE-2024-47350-37333646e54f42a70cb2578fe3d936bb.yaml
+./poc/cve/CVE-2024-47350.yaml
 ./poc/cve/CVE-2024-47351-8c877dfb95c2706fbe9696477e3c24cf.yaml
+./poc/cve/CVE-2024-47351.yaml
 ./poc/cve/CVE-2024-47352-750cde10cee72d2f06eb98acdd37ef85.yaml
+./poc/cve/CVE-2024-47352.yaml
 ./poc/cve/CVE-2024-47353-4a32421e447d678b191dd8387df0d37e.yaml
+./poc/cve/CVE-2024-47353.yaml
 ./poc/cve/CVE-2024-47354-b69eee0532eb11b810df10c664ef445a.yaml
+./poc/cve/CVE-2024-47354.yaml
 ./poc/cve/CVE-2024-47355-3b314b82b63d16806422b48468bfa724.yaml
+./poc/cve/CVE-2024-47355.yaml
 ./poc/cve/CVE-2024-47356-0bf3afb95fee13cb1302f02411aa97a4.yaml
+./poc/cve/CVE-2024-47356.yaml
 ./poc/cve/CVE-2024-47357-c91ede1fc25f80699e558e6d2a63c252.yaml
+./poc/cve/CVE-2024-47357.yaml
 ./poc/cve/CVE-2024-47358-3a821fe686ae8a752cabc1e270385148.yaml
+./poc/cve/CVE-2024-47358.yaml
 ./poc/cve/CVE-2024-47359-f19c4e1d6f7791c1701805bcfe9cbe9e.yaml
+./poc/cve/CVE-2024-47359.yaml
 ./poc/cve/CVE-2024-47360-4894783469b241216810c3e6d9128152.yaml
+./poc/cve/CVE-2024-47360.yaml
 ./poc/cve/CVE-2024-47361-771d796db85a8e3f8407e2c254e1487b.yaml
+./poc/cve/CVE-2024-47361.yaml
 ./poc/cve/CVE-2024-47362-e16c7f9794a2797eb472f7e7f4af2cf3.yaml
+./poc/cve/CVE-2024-47362.yaml
 ./poc/cve/CVE-2024-47363-657c182e62ac3dcfac902571bb0cb936.yaml
+./poc/cve/CVE-2024-47363.yaml
 ./poc/cve/CVE-2024-47364-4ab0c00095805f15d77450e4e27a308f.yaml
+./poc/cve/CVE-2024-47364.yaml
 ./poc/cve/CVE-2024-47365-66abb037313922770f58ac5db2836c15.yaml
+./poc/cve/CVE-2024-47365.yaml
 ./poc/cve/CVE-2024-47366-8679a48e292f967e92dcab4283af0401.yaml
+./poc/cve/CVE-2024-47366.yaml
 ./poc/cve/CVE-2024-47367-1265ce32018e1806ad9cc1a9eb4dcb9f.yaml
+./poc/cve/CVE-2024-47367.yaml
 ./poc/cve/CVE-2024-47368-75720bae1910f03259342d378a4ad70b.yaml
+./poc/cve/CVE-2024-47368.yaml
 ./poc/cve/CVE-2024-47369-87637a0547560391c4723959f70a58e4.yaml
+./poc/cve/CVE-2024-47369.yaml
 ./poc/cve/CVE-2024-47370-2bf98cdaa953cede5e645dc85fc6f3bf.yaml
+./poc/cve/CVE-2024-47370.yaml
 ./poc/cve/CVE-2024-47371-9acb546fb1ba748f21d86d8b939ea373.yaml
+./poc/cve/CVE-2024-47371.yaml
 ./poc/cve/CVE-2024-47372-a4af40e83fe5896a435aada964e22ce8.yaml
+./poc/cve/CVE-2024-47372.yaml
 ./poc/cve/CVE-2024-47373-36793681a35e7a8d67f98547bcfe2e95.yaml
+./poc/cve/CVE-2024-47373.yaml
 ./poc/cve/CVE-2024-47374-eaaf7f93db755df0a7644dab440531e2.yaml
 ./poc/cve/CVE-2024-47374.yaml
 ./poc/cve/CVE-2024-47375-20088aa19e5cc24b23cd35266c4899e0.yaml
+./poc/cve/CVE-2024-47375.yaml
 ./poc/cve/CVE-2024-47376-b7ec56e31869856fa6ed41b84596c8d6.yaml
+./poc/cve/CVE-2024-47376.yaml
 ./poc/cve/CVE-2024-47377-25725c1b06c696fe307be1acd3b9143c.yaml
+./poc/cve/CVE-2024-47377.yaml
 ./poc/cve/CVE-2024-47378-e97b3107a73bf3d8496096de6a94f9cf.yaml
+./poc/cve/CVE-2024-47378.yaml
 ./poc/cve/CVE-2024-47379-c5146194ddf8b0fd2e80306d1dd70683.yaml
+./poc/cve/CVE-2024-47379.yaml
 ./poc/cve/CVE-2024-47380-dabb6130cd0c41416433e11182fc101d.yaml
+./poc/cve/CVE-2024-47380.yaml
 ./poc/cve/CVE-2024-47381-62edf71535a752c40e6228b1cef3b98f.yaml
+./poc/cve/CVE-2024-47381.yaml
 ./poc/cve/CVE-2024-47382-8d533b054ef416766d9b485645b52bce.yaml
+./poc/cve/CVE-2024-47382.yaml
 ./poc/cve/CVE-2024-47383-4898794fcbeef28d8fdca5db1c2ab63c.yaml
+./poc/cve/CVE-2024-47383.yaml
 ./poc/cve/CVE-2024-47384-6e4fe0f667191a5ae05402be214b7450.yaml
+./poc/cve/CVE-2024-47384.yaml
 ./poc/cve/CVE-2024-47385-3e580fb4c8fc3d20e8cb2417916691c8.yaml
+./poc/cve/CVE-2024-47385.yaml
 ./poc/cve/CVE-2024-47386-da7dcac81b4d0c045af93c9873197554.yaml
+./poc/cve/CVE-2024-47386.yaml
 ./poc/cve/CVE-2024-47387-b0cd01e5ba268128c1522b9e57c5cc81.yaml
+./poc/cve/CVE-2024-47387.yaml
 ./poc/cve/CVE-2024-47388-0228156832c2c46a9908069c3523295d.yaml
+./poc/cve/CVE-2024-47388.yaml
 ./poc/cve/CVE-2024-47389-8405bcb4e070eea5bda7ba43acf812d2.yaml
+./poc/cve/CVE-2024-47389.yaml
 ./poc/cve/CVE-2024-47390-76ad71c583ecee449a0e6f8cb7b91019.yaml
+./poc/cve/CVE-2024-47390.yaml
 ./poc/cve/CVE-2024-47391-b4c030f7f0a751150e39215f353f7652.yaml
+./poc/cve/CVE-2024-47391.yaml
 ./poc/cve/CVE-2024-47392-a3b5c374deda150590467a1ea5bbc247.yaml
+./poc/cve/CVE-2024-47392.yaml
 ./poc/cve/CVE-2024-47393-0c3f82d63177c4500308d9042ab0b338.yaml
+./poc/cve/CVE-2024-47393.yaml
 ./poc/cve/CVE-2024-47394-ee8815b0fb284b6a69141af539f816bc.yaml
+./poc/cve/CVE-2024-47394.yaml
 ./poc/cve/CVE-2024-47395-e95cbcdb42879cfc94362b988c89626d.yaml
+./poc/cve/CVE-2024-47395.yaml
 ./poc/cve/CVE-2024-47396-b971457af765b6815fbf645fbb11d32e.yaml
 ./poc/cve/CVE-2024-47396.yaml
 ./poc/cve/CVE-2024-4742-0a6b3960416de849a428c7c081285e66.yaml
@@ -41653,35 +41705,63 @@
 ./poc/cve/CVE-2024-4759-3a5379366de7f552de353ab3d5098e66.yaml
 ./poc/cve/CVE-2024-4759.yaml
 ./poc/cve/CVE-2024-47621-c989bf37923ad9df5468293226886f18.yaml
+./poc/cve/CVE-2024-47621.yaml
 ./poc/cve/CVE-2024-47622-f1216757e2b32bb43f7164d04b3a6b39.yaml
+./poc/cve/CVE-2024-47622.yaml
 ./poc/cve/CVE-2024-47623-d18d2b5a5168d5e7325d250ae8a42974.yaml
+./poc/cve/CVE-2024-47623.yaml
 ./poc/cve/CVE-2024-47624-73c11fa161828922e116e787d1b1c682.yaml
+./poc/cve/CVE-2024-47624.yaml
 ./poc/cve/CVE-2024-47625-f24bc74dd9544a240be4fa26d7d91e9e.yaml
+./poc/cve/CVE-2024-47625.yaml
 ./poc/cve/CVE-2024-47626-a50fca13801c957bc2ea1f05570047e0.yaml
+./poc/cve/CVE-2024-47626.yaml
 ./poc/cve/CVE-2024-47627-a750d4aea7ae2c1e7f219cd7ac29150d.yaml
+./poc/cve/CVE-2024-47627.yaml
 ./poc/cve/CVE-2024-47628-8fcc2c4f2df7c0eca1c4aa6f2cb3ee8f.yaml
+./poc/cve/CVE-2024-47628.yaml
 ./poc/cve/CVE-2024-47629-e665d0ba0dd1e3a75f7f0402bc6e58ea.yaml
+./poc/cve/CVE-2024-47629.yaml
 ./poc/cve/CVE-2024-47630-88ac2fee16dbb7484715f57a922d6331.yaml
+./poc/cve/CVE-2024-47630.yaml
 ./poc/cve/CVE-2024-47631-836868f58dab768ed818eff09f638180.yaml
+./poc/cve/CVE-2024-47631.yaml
 ./poc/cve/CVE-2024-47632-1e8239f0821ac42dddfab131d33e9ec3.yaml
+./poc/cve/CVE-2024-47632.yaml
 ./poc/cve/CVE-2024-47633-3e9ee9fedbde18139742b8f2882ae9d4.yaml
+./poc/cve/CVE-2024-47633.yaml
 ./poc/cve/CVE-2024-47634-1cf8549fca281583e8390754d16890f5.yaml
+./poc/cve/CVE-2024-47634.yaml
 ./poc/cve/CVE-2024-47635-fdb3493fb4811f6df08d86524a5576cb.yaml
+./poc/cve/CVE-2024-47635.yaml
 ./poc/cve/CVE-2024-47636-9512cf20b19eafc6634419accbd9b0e5.yaml
+./poc/cve/CVE-2024-47636.yaml
 ./poc/cve/CVE-2024-47637-b86463f0dc2765a4d996011a29e96b9e.yaml
+./poc/cve/CVE-2024-47637.yaml
 ./poc/cve/CVE-2024-47638-cc703dd87e979196c049d6684cd43aff.yaml
+./poc/cve/CVE-2024-47638.yaml
 ./poc/cve/CVE-2024-47639-cb8110e222e2ba75bd6c450a0e187b23.yaml
+./poc/cve/CVE-2024-47639.yaml
 ./poc/cve/CVE-2024-47641-397015a5c45ecc82604fe3a38d579ce5.yaml
 ./poc/cve/CVE-2024-47641.yaml
 ./poc/cve/CVE-2024-47642-a4560d528485cf909655d3cc53c76410.yaml
+./poc/cve/CVE-2024-47642.yaml
 ./poc/cve/CVE-2024-47643-4e83617672e6d5e5f2d7a8e3c1f8d974.yaml
+./poc/cve/CVE-2024-47643.yaml
 ./poc/cve/CVE-2024-47644-16a7a1f9c26b07de1e85ef4e6d3492a8.yaml
+./poc/cve/CVE-2024-47644.yaml
 ./poc/cve/CVE-2024-47645-107ee6912b6dbf8ebc560bd5f696aa95.yaml
+./poc/cve/CVE-2024-47645.yaml
 ./poc/cve/CVE-2024-47646-62e86757560ffc61272a4823ad17c4ae.yaml
+./poc/cve/CVE-2024-47646.yaml
 ./poc/cve/CVE-2024-47647-8445f7aa906adfa9de397914074e7b93.yaml
+./poc/cve/CVE-2024-47647.yaml
 ./poc/cve/CVE-2024-47648-ce051a3fa8c352f3e80f636863641587.yaml
+./poc/cve/CVE-2024-47648.yaml
 ./poc/cve/CVE-2024-47649-ef8891e79c55d4fc92742b65660eef0e.yaml
+./poc/cve/CVE-2024-47649.yaml
 ./poc/cve/CVE-2024-47650-d1485f343255f5695f17bf3ab9f522c7.yaml
+./poc/cve/CVE-2024-47650.yaml
 ./poc/cve/CVE-2024-4779-2538af254bdbffcd0c4f76bfdaf81c5f.yaml
 ./poc/cve/CVE-2024-4779.yaml
 ./poc/cve/CVE-2024-4780-182a2726bab934644376e54f130f7c6f.yaml
@@ -43214,6 +43294,7 @@
 ./poc/cve/CVE-2024-7485.yaml
 ./poc/cve/CVE-2024-7486-4944a37a1f08a4c0f808d31cb701abc0.yaml
 ./poc/cve/CVE-2024-7486.yaml
+./poc/cve/CVE-2024-7489-aa8f1735fc553f9668252fa41454f24d.yaml
 ./poc/cve/CVE-2024-7491-57292cedf3ffe8a05f22b0a34a93f1e7.yaml
 ./poc/cve/CVE-2024-7491.yaml
 ./poc/cve/CVE-2024-7492-2a27ab15f61a26513636485e06679756.yaml
@@ -43226,6 +43307,7 @@
 ./poc/cve/CVE-2024-7503-b46a0eea8e25a3dab9e097cc91cff9a0.yaml
 ./poc/cve/CVE-2024-7503.yaml
 ./poc/cve/CVE-2024-7514-5bd5922e4d9d0feaced186c1042366cb.yaml
+./poc/cve/CVE-2024-7514.yaml
 ./poc/cve/CVE-2024-7548-162d895bf7f16c82058ce2c006071ab9.yaml
 ./poc/cve/CVE-2024-7548.yaml
 ./poc/cve/CVE-2024-7556-b7fed9351bafa7783a59e9c29c4c745a.yaml
@@ -43610,6 +43692,8 @@
 ./poc/cve/CVE-2024-8488.yaml
 ./poc/cve/CVE-2024-8490-248af65f72b1c2b0295c9ea833e7478d.yaml
 ./poc/cve/CVE-2024-8490.yaml
+./poc/cve/CVE-2024-8492-94675fec1abc838fe0b6b303f8fc36d8.yaml
+./poc/cve/CVE-2024-8493-187c32b4472ed4bbe2ad3f6482869576.yaml
 ./poc/cve/CVE-2024-8499-c9a5372eb2c0d1af0e98c1a128e1ba17.yaml
 ./poc/cve/CVE-2024-8499.yaml
 ./poc/cve/CVE-2024-8505-83a08aab53494aec2ab7878bf97aab78.yaml
@@ -43649,6 +43733,7 @@
 ./poc/cve/CVE-2024-8549.yaml
 ./poc/cve/CVE-2024-8552-3fed4d10e5322d73ee0e8c653106a656.yaml
 ./poc/cve/CVE-2024-8552.yaml
+./poc/cve/CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98.yaml
 ./poc/cve/CVE-2024-8621-7d60a8cdcf557152f36b470b1896351c.yaml
 ./poc/cve/CVE-2024-8621.yaml
 ./poc/cve/CVE-2024-8622-0703e404cdba311680d3e36cfe2a24e3.yaml
@@ -43748,8 +43833,10 @@
 ./poc/cve/CVE-2024-8743.yaml
 ./poc/cve/CVE-2024-8747-f757d510ac120bf89329e22a6153766c.yaml
 ./poc/cve/CVE-2024-8747.yaml
+./poc/cve/CVE-2024-8757-234bd8d60a5f32f1b24409ba56f236a6.yaml
 ./poc/cve/CVE-2024-8758-b4b201de72ae2112a1088c6a9330f891.yaml
 ./poc/cve/CVE-2024-8758.yaml
+./poc/cve/CVE-2024-8760-97bda91e9d60d0f1065494ed99fe53b7.yaml
 ./poc/cve/CVE-2024-8761-c4b3560e76a2e821342571d2f628840d.yaml
 ./poc/cve/CVE-2024-8761.yaml
 ./poc/cve/CVE-2024-8771-56576a1d647813c40294e7136a5f117c.yaml
@@ -43791,13 +43878,16 @@
 ./poc/cve/CVE-2024-8861.yaml
 ./poc/cve/CVE-2024-8872-af9dba20c77deb90e6dc21e6e1a04408.yaml
 ./poc/cve/CVE-2024-8872.yaml
+./poc/cve/CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd.yaml
 ./poc/cve/CVE-2024-8910-a21139e5574bbe79da0b0184ae2f61a0.yaml
 ./poc/cve/CVE-2024-8910.yaml
 ./poc/cve/CVE-2024-8911-4f15541bff60904dde80229d21bf76b6.yaml
 ./poc/cve/CVE-2024-8911.yaml
 ./poc/cve/CVE-2024-8913-f92acbe1ab4c2bc481efaed95ef9e70b.yaml
+./poc/cve/CVE-2024-8913.yaml
 ./poc/cve/CVE-2024-8914-a880cd2d5e4d4bdbe19c9508e28fe443.yaml
 ./poc/cve/CVE-2024-8914.yaml
+./poc/cve/CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd.yaml
 ./poc/cve/CVE-2024-8917-6aaaaa729e35997797a61f2cd09b6335.yaml
 ./poc/cve/CVE-2024-8917.yaml
 ./poc/cve/CVE-2024-8919-fb0057a26cabecd9dfc880674f08a19a.yaml
@@ -43837,9 +43927,11 @@
 ./poc/cve/CVE-2024-9027.yaml
 ./poc/cve/CVE-2024-9028-dc0d91d4955ed06391d200994359ce87.yaml
 ./poc/cve/CVE-2024-9028.yaml
+./poc/cve/CVE-2024-9047-4fa9dae40fda722965808b936ffa6acb.yaml
 ./poc/cve/CVE-2024-9049-0c91c2c9811f2f85c273c97777dda20b.yaml
 ./poc/cve/CVE-2024-9049.yaml
 ./poc/cve/CVE-2024-9051-d0cc990c4c2c72b3f1c15bf197875f13.yaml
+./poc/cve/CVE-2024-9051.yaml
 ./poc/cve/CVE-2024-9057-ee128566fd1b65b2a04693f8e0c33bdf.yaml
 ./poc/cve/CVE-2024-9057.yaml
 ./poc/cve/CVE-2024-9060-41ef47a6487294481d3d630ad8136fe4.yaml
@@ -43894,6 +43986,7 @@
 ./poc/cve/CVE-2024-9173.yaml
 ./poc/cve/CVE-2024-9177-178dee7653fa8d80dc1711bad3dcec51.yaml
 ./poc/cve/CVE-2024-9177.yaml
+./poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml
 ./poc/cve/CVE-2024-9189-887572e2c273c4a4bdeea21969a91124.yaml
 ./poc/cve/CVE-2024-9189.yaml
 ./poc/cve/CVE-2024-9204-0c84a13d3a82918c5d6c0973f90aa654.yaml
@@ -43908,12 +44001,14 @@ ./poc/cve/CVE-2024-9210-05b930cdba52007cfc2ab2432260ceb1.yaml ./poc/cve/CVE-2024-9210.yaml ./poc/cve/CVE-2024-9211-bb6a727cd9f729d2c4f5e85e9849f1e6.yaml +./poc/cve/CVE-2024-9211.yaml ./poc/cve/CVE-2024-9218-75beb28483214f413384b6d563c1c16a.yaml ./poc/cve/CVE-2024-9218.yaml ./poc/cve/CVE-2024-9220-0848a89ff064206197a24c79c138cacc.yaml ./poc/cve/CVE-2024-9220-6b7a923979644588e49a124157ba30a7.yaml ./poc/cve/CVE-2024-9220.yaml ./poc/cve/CVE-2024-9221-44b4fae64b5bb2678c9926079b024280.yaml +./poc/cve/CVE-2024-9221.yaml ./poc/cve/CVE-2024-9222-6d3211dbe3c26f975c3e1ae606af3b47.yaml ./poc/cve/CVE-2024-9222.yaml ./poc/cve/CVE-2024-9224-1efc4b3eec1635b4d77de22289bef69f.yaml @@ -43925,7 +44020,9 @@ ./poc/cve/CVE-2024-9228-b8423e6fcac2024db44fa444099a9f5b.yaml ./poc/cve/CVE-2024-9228.yaml ./poc/cve/CVE-2024-9232-ae04b408f1f5990a6794318169fc173c.yaml +./poc/cve/CVE-2024-9232.yaml ./poc/cve/CVE-2024-9234-a70b6d1b82b579fc4a6ae49321787247.yaml +./poc/cve/CVE-2024-9234.yaml ./poc/cve/CVE-2024-9237-0780221ee4da552afeda6f1d6485730c.yaml ./poc/cve/CVE-2024-9237.yaml ./poc/cve/CVE-2024-9241-ab99313638ead0b4242684f4ddea4fdd.yaml @@ -43959,6 +44056,7 @@ ./poc/cve/CVE-2024-9345-e99c5e80262e6e1dfbcae56ebd888f2c.yaml ./poc/cve/CVE-2024-9345.yaml ./poc/cve/CVE-2024-9346-e439b0199a5e66918fb6aa956d50260c.yaml +./poc/cve/CVE-2024-9346.yaml ./poc/cve/CVE-2024-9349-7c25de810a6c2b05091210cf0a795a24.yaml ./poc/cve/CVE-2024-9349.yaml ./poc/cve/CVE-2024-9353-9de693d4e41071f01a7ec1909bb538f7.yaml @@ -43984,6 +44082,7 @@ ./poc/cve/CVE-2024-9435-5d078f7f1a49787ecddc7ee4b0d0833f.yaml ./poc/cve/CVE-2024-9435.yaml ./poc/cve/CVE-2024-9436-72a457058cb05b316cebd946dd84ec21.yaml +./poc/cve/CVE-2024-9436.yaml ./poc/cve/CVE-2024-9445-0fedc25f3077e00a018f5c725f6ded08.yaml ./poc/cve/CVE-2024-9445.yaml ./poc/cve/CVE-2024-9449-7847c82d35d6f9b2f1ba1661e710d7cb.yaml 
@@ -43995,6 +44094,7 @@ ./poc/cve/CVE-2024-9457-72dd9bc9875b76de9e691aa9064bfa77.yaml ./poc/cve/CVE-2024-9457.yaml ./poc/cve/CVE-2024-9507-698602582a898ef6e8ecf4cbadd940fc.yaml +./poc/cve/CVE-2024-9507.yaml ./poc/cve/CVE-2024-9518-feda24c489ca1e9c4a2da83d340cc3c2.yaml ./poc/cve/CVE-2024-9518.yaml ./poc/cve/CVE-2024-9519-3ec20334c310bfd5a54adeb128ccb5a1.yaml 
@@ -44006,18 +44106,39 @@ ./poc/cve/CVE-2024-9528-b0b82d3862b4b42c2a06d418609497b5.yaml ./poc/cve/CVE-2024-9528.yaml ./poc/cve/CVE-2024-9538-c055e1bb3c954b4e851927865f487720.yaml +./poc/cve/CVE-2024-9538.yaml ./poc/cve/CVE-2024-9543-2a84b7caa56d7b7baa1f298aba568720.yaml +./poc/cve/CVE-2024-9543.yaml ./poc/cve/CVE-2024-9581-3deefaeba320bc3f8ff9dd6ea032aa20.yaml ./poc/cve/CVE-2024-9581.yaml ./poc/cve/CVE-2024-9586-404a2b9f88295f375d192c2e8553e42b.yaml +./poc/cve/CVE-2024-9586.yaml ./poc/cve/CVE-2024-9587-9addb86845d8c338383a9caf97ac21e2.yaml +./poc/cve/CVE-2024-9587.yaml +./poc/cve/CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml +./poc/cve/CVE-2024-9595-0c12058c023c26b1446aa326839994fd.yaml ./poc/cve/CVE-2024-9610-22573cea45a3c22fba477c8e4bf581f3.yaml +./poc/cve/CVE-2024-9610.yaml ./poc/cve/CVE-2024-9611-e3d072056298fd4e81d4dfecee6ae07e.yaml +./poc/cve/CVE-2024-9611.yaml ./poc/cve/CVE-2024-9616-74cbb74314a998222d17f0108bdd1b47.yaml +./poc/cve/CVE-2024-9616.yaml +./poc/cve/CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd.yaml +./poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml ./poc/cve/CVE-2024-9685-162e285486f85718f1eff0c9fc075030.yaml ./poc/cve/CVE-2024-9685.yaml +./poc/cve/CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml +./poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml ./poc/cve/CVE-2024-9707-4fb16dfc3a442890f762f60d876d8c4d.yaml +./poc/cve/CVE-2024-9707.yaml +./poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml +./poc/cve/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml +./poc/cve/CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml +./poc/cve/CVE-2024-9821-3c976b43c465f64b4e1fa1afc3ed719b.yaml ./poc/cve/CVE-2024-9822-69ea5c9c3890154ffaf61e4bd66bce90.yaml +./poc/cve/CVE-2024-9822.yaml +./poc/cve/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml +./poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml ./poc/cve/CVE202127562-220331-222408.yaml ./poc/cve/CVE_2023_49442.yaml ./poc/cve/CVE_2023_51467.yaml 
@@ -63332,6 +63453,7 @@ ./poc/open_redirect/simple-301-redirects-plugin.yaml ./poc/open_redirect/simple-301-redirects.yaml ./poc/open_redirect/simple-membership-after-login-redirection-85e327a5d6d50220e697bef330baf141.yaml +./poc/open_redirect/simple-membership-after-login-redirection.yaml ./poc/open_redirect/simple-mobile-url-redirect-f534985a73dafb1d81a6ba4abb12995a.yaml ./poc/open_redirect/simple-mobile-url-redirect.yaml ./poc/open_redirect/sky-login-redirect-557dfeac01daa0367c681069c19d386e.yaml @@ -63677,6 +63799,7 @@ ./poc/other/2755030215.yaml ./poc/other/2848712183.yaml ./poc/other/2939021635.yaml +./poc/other/2d-tag-cloud-widget-by-sujin-f775dedf778f01d96f3cf104b4a5ff00.yaml ./poc/other/2j-slideshow-398188b565cef4627bb1cc2005473d42.yaml ./poc/other/2j-slideshow-a2cb29fa8d73411375a9f25f28aec131.yaml ./poc/other/2j-slideshow-a7ee719525508426f77934740c1310d6.yaml @@ -64679,6 +64802,7 @@ ./poc/other/addify-product-stock-manager.yaml ./poc/other/addon-elements-for-elementor-page-builder-05291056e6eb1d4920fc95ec6ef0fd19.yaml ./poc/other/addon-elements-for-elementor-page-builder-16292dd268c19f857d570d46d0993ab2.yaml +./poc/other/addon-elements-for-elementor-page-builder-1c9e26180c0458c7b22a8f5c9fac5359.yaml ./poc/other/addon-elements-for-elementor-page-builder-381a8f2dd97b68e4b1534068c1a8ae5d.yaml ./poc/other/addon-elements-for-elementor-page-builder-3831a7eb56e011ebe1005a742c17b33d.yaml ./poc/other/addon-elements-for-elementor-page-builder-3ec90d3cab2b68e8acdcf76aad313f54.yaml @@ -66638,6 +66762,7 @@ ./poc/other/automatic-youtube-video-posts-91707c7304defdf4c829758df5f60ae2.yaml ./poc/other/automatic-youtube-video-posts.yaml ./poc/other/automatically-hierarchic-categories-in-menu-95d47f1bfb7f5790af401f77ab09831c.yaml +./poc/other/automatically-hierarchic-categories-in-menu.yaml ./poc/other/automation-direct-596.yaml ./poc/other/automation-direct-597.yaml ./poc/other/automation-direct.yaml 
@@ -69095,6 +69220,7 @@ ./poc/other/categorify.yaml ./poc/other/category-grid-view-gallery-ec1de78c58c23ac8308ebf650b24c84a.yaml ./poc/other/category-grid-view-gallery.yaml +./poc/other/category-icon-1ba7a71509a41771343e0fdcceeb4a9f.yaml ./poc/other/category-list-portfolio-page-c3ec7120a4b92459e512233c50f2a028.yaml ./poc/other/category-list-portfolio-page.yaml ./poc/other/category-page-icons-02e0417d125f209136fe3c33ea09f1de.yaml @@ -70970,6 +71096,7 @@ ./poc/other/copyrightpro-8c5362a9fea7f78031981084f3f2d9e3.yaml ./poc/other/copyrightpro.yaml ./poc/other/copyscape-premium-24f1d1dd1bdeb11d9cc09a8bdd5e0246.yaml +./poc/other/copyscape-premium.yaml ./poc/other/cordobo-green-park-25cf04265807623474451c80167645ce.yaml ./poc/other/cordobo-green-park.yaml ./poc/other/core-control-07875b6ba1ecb64abc776c1446cbeeda.yaml @@ -71137,6 +71264,7 @@ ./poc/other/cozipress-84b46bfa4cf954052028cd03b0992b97.yaml ./poc/other/cozipress.yaml ./poc/other/cozy-addons-44a8561056798ae30082a9893064b6c7.yaml +./poc/other/cozy-addons.yaml ./poc/other/cp-appointment-calendar-045a374dcc4037ebae609408d4fe7a62.yaml ./poc/other/cp-appointment-calendar.yaml ./poc/other/cp-blocks-9e730a8e2d5c47970760e5751f25c3da.yaml @@ -71235,6 +71363,7 @@ ./poc/other/create-block-theme.yaml ./poc/other/create-bucket.yaml ./poc/other/create-f93a4314da2b6ca44fe64167be75ce25.yaml +./poc/other/create.yaml ./poc/other/creative-addons-for-elementor-092b5cbcb926412f552245832dc8d8dc.yaml ./poc/other/creative-addons-for-elementor.yaml ./poc/other/creative-image-slider-94f67f5bcd72934076ef3d028de3665f.yaml @@ -76307,6 +76436,7 @@ ./poc/other/full-customer-e66981d9fb448b5c4721cb1de597e1e5.yaml ./poc/other/full-customer.yaml ./poc/other/full-frame-885a902b6cf17ffc986add7111b34487.yaml +./poc/other/full-frame.yaml ./poc/other/full-page-blog-designer-ff9293ba28748efa2ab9a2fe77385468.yaml ./poc/other/full-page-blog-designer.yaml ./poc/other/full-site-editing-24836cca8d46e399082ff66df1b9f2f5.yaml 
@@ -76484,6 +76614,7 @@ ./poc/other/gallery-images-plugin.yaml ./poc/other/gallery-images.yaml ./poc/other/gallery-lightbox-slider-c7018e1210623140c6322b4f39732cda.yaml +./poc/other/gallery-lightbox-slider.yaml ./poc/other/gallery-metabox-124fdfaa4c2892751f0dc39c471840c1.yaml ./poc/other/gallery-metabox-2a7ccbd5c585dc1ef1cf32427eae2594.yaml ./poc/other/gallery-metabox-893a872076c9d5999a060ec09b24095c.yaml @@ -77389,6 +77520,7 @@ ./poc/other/gutenberg.yaml ./poc/other/gutenify-eab8a887d0007756a033c70ac29592e4.yaml ./poc/other/gutenify.yaml +./poc/other/gutenkit-blocks-addon.yaml ./poc/other/gutenslider-74b8d4f2f6ba80e0494d302182025133.yaml ./poc/other/gutenslider-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/gutenslider-ed8ce19b68ae71ce7a0addaa37f8de47.yaml @@ -78123,6 +78255,7 @@ ./poc/other/hungred-post-thumbnail-plugin.yaml ./poc/other/hungred-post-thumbnail.yaml ./poc/other/hunk-companion-3e6542ea0a5f84304ec5d07491cf65d1.yaml +./poc/other/hunk-companion.yaml ./poc/other/hunk-external-links-2ba04e05de7427b71cdc96d867ecafba.yaml ./poc/other/hunk-external-links-680007f3c58a40487035ff4623da1e0e.yaml ./poc/other/hunk-external-links-9027bcd3171bedf4ffe84d6e5c8af35f.yaml @@ -78236,6 +78369,7 @@ ./poc/other/icon.yaml ./poc/other/iconic-woothumbs-b56efc1769430d91c2f7b8e37a69fe4c.yaml ./poc/other/iconic-woothumbs.yaml +./poc/other/iconize.yaml ./poc/other/icons-font-loader-388d902852b160748222b49bf0cc44f4.yaml ./poc/other/icons-font-loader-6c30ce802d02a5620351d09e5696ecb4.yaml ./poc/other/icons-font-loader-805bb5a12e0618a3d5e907ba4a70e059.yaml 
@@ -78402,6 +78536,9 @@ ./poc/other/image-carousel-for-divi.yaml ./poc/other/image-export-c89541d9c6a3a1478ea00868f417b307.yaml ./poc/other/image-export.yaml +./poc/other/image-gallery-5cfbe2b947bf468de048d29d22757022.yaml +./poc/other/image-gallery-8c902b296c6de2f23311d1cc4dcb0519.yaml +./poc/other/image-gallery-a62704cbf770b776cbd66d817df952f0.yaml ./poc/other/image-gallery-with-slideshow-15b0c7eb32c94c4b1633944f5a6fb9e5.yaml ./poc/other/image-gallery-with-slideshow-236bd2454685bc7d308c686919fd6aad.yaml ./poc/other/image-gallery-with-slideshow-5bd50be173bddc1df87b610e4fcf76ce.yaml @@ -78654,6 +78791,7 @@ ./poc/other/inboundio-marketing.yaml ./poc/other/incapptic-connect-panel.yaml ./poc/other/include-fussball-de-widgets-0dd823f80d49bbf49872991bf7ed884e.yaml +./poc/other/include-fussball-de-widgets.yaml ./poc/other/include-lottie-animation-for-elementor-d5d7848a1ff6a1ec3dd6899f23da0440.yaml ./poc/other/include-lottie-animation-for-elementor.yaml ./poc/other/include-me-74dc2c1aec84a5f9bf221b65b8dccf05.yaml @@ -80120,6 +80258,7 @@ ./poc/other/language-switcher-a30ebe457d58a4dcb08af441b2dcc3da.yaml ./poc/other/language-switcher-for-transposh-c6a882ea97b111d0b6c5158e772903f0.yaml ./poc/other/language-switcher-for-transposh.yaml +./poc/other/language-switcher.yaml ./poc/other/lanlin-oa-fileRead.yaml ./poc/other/lanmp.yaml ./poc/other/lanproxy-workflow.yaml @@ -80635,6 +80774,7 @@ ./poc/other/linkify-text.yaml ./poc/other/linktree.yaml ./poc/other/linkz-ai-c4508fb1c1471a6f62672b70a80785ee.yaml +./poc/other/linkz-ai.yaml ./poc/other/linshare-panel.yaml ./poc/other/lint-test.yml ./poc/other/linux.yaml @@ -81719,6 +81859,7 @@ ./poc/other/maxgalleria.yaml ./poc/other/maxi-blocks-20100715f7ef3a1052cae3468d0edd94.yaml ./poc/other/maxi-blocks.yaml +./poc/other/maxslider.yaml ./poc/other/maz-loader-2c4e8bcc9e71b393f4dd77053a46283a.yaml ./poc/other/maz-loader.yaml ./poc/other/mcafee-intrushield.yaml 
@@ -82083,6 +82224,7 @@ ./poc/other/metasploit-xmlrpc.yaml ./poc/other/metasploit.yaml ./poc/other/metasync-302b96206ea3a62397b7407654509fc1.yaml +./poc/other/metasync.yaml ./poc/other/metaview-explorer-installer.yaml ./poc/other/meteor-slides-14ea951539a52c3d6533d336e0785efa.yaml ./poc/other/meteor-slides.yaml @@ -82941,6 +83083,7 @@ ./poc/other/mylittleforum.yaml ./poc/other/mylot.yaml ./poc/other/mymfans.yaml +./poc/other/mynx-page-builder-e5ef52784bd604a03534c96c5c5b985d.yaml ./poc/other/mypixs-758377262af71e2390f649acd5c89b73.yaml ./poc/other/mypixs.yaml ./poc/other/myportfolio.yaml @@ -84704,6 +84847,7 @@ ./poc/other/payment-gateway-payfabric.yaml ./poc/other/paypal-donations-5eead37a379def1e3474abcddf3a225c.yaml ./poc/other/paypal-donations.yaml +./poc/other/paypal-gift-certificate-7a1c89e0233f23e5f8c8d08caace9488.yaml ./poc/other/paypal-pay-buy-donation-and-cart-buttons-shortcode-055ed7df687e1bb906d206bc5dc26037.yaml ./poc/other/paypal-pay-buy-donation-and-cart-buttons-shortcode-b134b6aa0693a308331bb83085898e83.yaml ./poc/other/paypal-pay-buy-donation-and-cart-buttons-shortcode.yaml @@ -84827,6 +84971,7 @@ ./poc/other/pear-project.yaml ./poc/other/pear.yaml ./poc/other/pedalo-connector-820973c74b01dd482d68dc6d2fc0b499.yaml +./poc/other/pedalo-connector.yaml ./poc/other/peepso-core-338fc97c24276ab87a510e79a909afca.yaml ./poc/other/peepso-core-3b2ef2d73cbfd65b1121e5f18e3b865d.yaml ./poc/other/peepso-core-4cd19fbbacd82d8d91e116054bffc182.yaml @@ -87111,6 +87256,7 @@ ./poc/other/read-and-understood-b5d0340ed7ef6ecf2a90ecd42746a4ee.yaml ./poc/other/read-and-understood-fb2703ea68b72cec316b31bc701d54a9.yaml ./poc/other/read-and-understood.yaml +./poc/other/read-more-948d18a9ecd43f2950c17fb1b54f2e66.yaml ./poc/other/read-more-b2a699f063666089b0f694a1a4132451.yaml ./poc/other/read-more-excerpt-link-428f17e6dafc1bba7abf9f2604534f1f.yaml ./poc/other/read-more-excerpt-link.yaml 
@@ -87537,6 +87683,7 @@ ./poc/other/resads-cea00ee02754f82a3ca69697d0c2c6b2.yaml ./poc/other/resads.yaml ./poc/other/rescro.yaml +./poc/other/rescue-shortcodes-5be8dc0066a80e59bb7593a87c0fc14c.yaml ./poc/other/rescue-shortcodes-e1e8944a4b8189b7391a84a2e5379b85.yaml ./poc/other/rescue-shortcodes.yaml ./poc/other/resend-welcome-email-c12a39deaa310f0b3d111b811ae59fb4.yaml @@ -87589,6 +87736,7 @@ ./poc/other/responsive-c567878f616fa78cef0a6bc18a4ad518.yaml ./poc/other/responsive-category-slider.yaml ./poc/other/responsive-client-logo-carousel-slider-412b9d6576527f52c0ef9d8c7aa3093b.yaml +./poc/other/responsive-client-logo-carousel-slider.yaml ./poc/other/responsive-column-widgets-10174a5bcac9bad47e8550b3d07ca19d.yaml ./poc/other/responsive-column-widgets-a29187a1468326dc4ead18d4b4b0773c.yaml ./poc/other/responsive-column-widgets.yaml @@ -87816,6 +87964,7 @@ ./poc/other/revision-manager-tmc-f8b4c94f50da3c94ba46bcd6d09e22c4.yaml ./poc/other/revision-manager-tmc.yaml ./poc/other/revisionary-2d8aafc6684bb72cb32b726731ba80f0.yaml +./poc/other/revisionary.yaml ./poc/other/revivenews-2a2c4b3fb0aad978621534d4be0420e4.yaml ./poc/other/revivenews.yaml ./poc/other/revoked-ssl-certificate.yaml @@ -90836,6 +90985,7 @@ ./poc/other/st-daily-tip.yaml ./poc/other/st_newsletter-06d1c7e09e9834aed347b62ce7221b3c.yaml ./poc/other/st_newsletter.yaml +./poc/other/stackable-ultimate-gutenberg-blocks-290415cadef9c19a55802d0694d0c4ba.yaml ./poc/other/stackable-ultimate-gutenberg-blocks-6e9e7493f4b83565fb4c7caa6bafc3ca.yaml ./poc/other/stackable-ultimate-gutenberg-blocks-ccca2f262821eaf2767551efac129b45.yaml ./poc/other/stackable-ultimate-gutenberg-blocks-df070963bb933dacb9dd0e9251443dfb.yaml 
@@ -91629,6 +91779,7 @@ ./poc/other/tableau-panel.yaml ./poc/other/tableau-service-manager.yaml ./poc/other/tableau.yaml +./poc/other/tablepress-32c13893c2404906ff08443b389c0f94.yaml ./poc/other/tablepress-697a9390121841b0782fef3e5b3c9075.yaml ./poc/other/tablepress-7f790570e9fba62eccb5ffe420d8073f.yaml ./poc/other/tablepress-b74cc93d0bc2a1c1c7460d9fe636bf86.yaml @@ -92029,6 +92180,7 @@ ./poc/other/the-events-calendar-87bc7770ec30671ab3359332255ef53f.yaml ./poc/other/the-events-calendar-8b18d3ad348c4984006e65b4350fe76d.yaml ./poc/other/the-events-calendar-9539f2159afb12aa848bb74da941c73c.yaml +./poc/other/the-events-calendar-a1141cabd552a0d37d25ef7fd91f243f.yaml ./poc/other/the-events-calendar-a4aab627ae16b33b6fd49cd582e22bf9.yaml ./poc/other/the-events-calendar-b5fc62c7251a65243a3fd75688000904.yaml ./poc/other/the-events-calendar-b92af113f9dcb8b3f7346a2054002ea2.yaml @@ -92496,6 +92648,7 @@ ./poc/other/tiny-carousel-horizontal-slider-plus-d3ecfeab5919cfaacddc034200e3cea1.yaml ./poc/other/tiny-carousel-horizontal-slider-plus.yaml ./poc/other/tiny-carousel-horizontal-slider.yaml +./poc/other/tiny-compress-images.yaml ./poc/other/tiny-contact-form-737878fed3b9b68a875eaa33821e0701.yaml ./poc/other/tiny-contact-form.yaml ./poc/other/tiny-file-manager.yaml @@ -94159,6 +94312,7 @@ ./poc/other/vcenter-fileRead.yaml ./poc/other/vcenter_server.yaml ./poc/other/vdocipher-0c6a2a0ec5da3c2070b68430fb7031f8.yaml +./poc/other/vdocipher.yaml ./poc/other/vdz-call-back-221bb461253d577b5357f9c0f13bedc6.yaml ./poc/other/vdz-call-back-b239ec1596025ade057baa4ac849ae24.yaml ./poc/other/vdz-call-back-d41d8cd98f00b204e9800998ecf8427e.yaml 
@@ -94262,6 +94416,7 @@ ./poc/other/video-contest.yaml ./poc/other/video-embed-box.yaml ./poc/other/video-embed-privacy-f0c189bc3a46b541f3e7f2f08fa39cf6.yaml +./poc/other/video-embed-privacy.yaml ./poc/other/video-embed-thumbnail-generator-9e089445983b7d9135be4a93a4687120.yaml ./poc/other/video-embed-thumbnail-generator-a8146ec33c3e6521c5954010b19b9f85.yaml ./poc/other/video-embed-thumbnail-generator-d41d8cd98f00b204e9800998ecf8427e.yaml @@ -95755,6 +95910,7 @@ ./poc/other/woo-reviews-manager-plugin.yaml ./poc/other/woo-reviews-manager.yaml ./poc/other/woo-save-abandoned-carts-55b952ab83c7e8bf63a12a9fe57435fa.yaml +./poc/other/woo-save-abandoned-carts.yaml ./poc/other/woo-seo-addon-966209cca3fbb6fcfc658f4c03ba1e45.yaml ./poc/other/woo-seo-addon.yaml ./poc/other/woo-shipping-display-mode-2d3075ac9da71d5c985dc0ed024b9ec4.yaml @@ -96335,6 +96491,7 @@ ./poc/other/xjhtqy-crm.yaml ./poc/other/xjhyt-system.yaml ./poc/other/xl-tab-c1541f5d341255cfb7d8669f748f395e.yaml +./poc/other/xl-tab.yaml ./poc/other/xllentech-english-islamic-calendar-1d5b04bee2df8076985b3802622f831c.yaml ./poc/other/xllentech-english-islamic-calendar.yaml ./poc/other/xmall.yaml @@ -98259,6 +98416,7 @@ ./poc/remote_code_execution/booster-plus-for-woocommerce.yaml ./poc/remote_code_execution/bosa-elementor-for-woocommerce-01a4f2980d5d921fdb4f483338cf1391.yaml ./poc/remote_code_execution/bosa-elementor-for-woocommerce.yaml +./poc/remote_code_execution/bot-for-telegram-on-woocommerce-95e4471cf7b0cdfb6c9aec1a9d40a0ae.yaml ./poc/remote_code_execution/brands-for-woocommerce-018c818356c6b000ed4656a96a0c372c.yaml ./poc/remote_code_execution/brands-for-woocommerce-055e1820b3e7ef430034aac2fbd3cb4b.yaml ./poc/remote_code_execution/brands-for-woocommerce-25f970a8a780b560ba186742cd55ae28.yaml 
@@ -99318,6 +99476,7 @@ ./poc/remote_code_execution/order-and-inventory-manager-for-woocommerce-6477bf18cad6c823db485408d49b337b.yaml ./poc/remote_code_execution/order-and-inventory-manager-for-woocommerce-cb43a3033745f9235059b7d1b7a3d855.yaml ./poc/remote_code_execution/order-and-inventory-manager-for-woocommerce.yaml +./poc/remote_code_execution/order-attachments-for-woocommerce-d72cf819fcb5997a2922f8848f39656f.yaml ./poc/remote_code_execution/order-auto-complete-for-woocommerce-d52da6d8785fe0d333ad93221eb739c1.yaml ./poc/remote_code_execution/order-auto-complete-for-woocommerce.yaml ./poc/remote_code_execution/order-delivery-date-for-woocommerce-0a1e73557358a5b2fa4a31e0b34b7e12.yaml @@ -101755,6 +101914,7 @@ ./poc/search/ajax-search-lite-b4073f00b03ef9916427899a5dd37cae.yaml ./poc/search/ajax-search-lite-c10ce3a2206f5817598c7b3c5d0528d3.yaml ./poc/search/ajax-search-lite-d41d8cd98f00b204e9800998ecf8427e.yaml +./poc/search/ajax-search-lite-e7ba06e90ec10cb19dc2494089497f4f.yaml ./poc/search/ajax-search-lite-ef3e4f5af3cb5b879cea1e0aae28ebcc.yaml ./poc/search/ajax-search-lite-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/search/ajax-search-lite-plugin.yaml @@ -102607,6 +102767,7 @@ ./poc/social/drupal_module-socialbase-access-bypass.yaml ./poc/social/duitku-social-payment-gateway-00bd2277c641ac0f8870ff39d1abb82f.yaml ./poc/social/duitku-social-payment-gateway.yaml +./poc/social/dvk-social-sharing-89c738e746dab8d430975f04439c54b6.yaml ./poc/social/easy-facebook-like-box-7f8f19fc7534d3a20291e7d36a6962a1.yaml ./poc/social/easy-facebook-like-box.yaml ./poc/social/easy-facebook-likebox-0351c9b7f28bf4dade309063cdc5cccc.yaml 
@@ -105521,6 +105682,9 @@ ./poc/sql/CVE-2024-9225-8aa496476e08c8c664db47cbf34e8cf4.yaml ./poc/sql/CVE-2024-9228-b8423e6fcac2024db44fa444099a9f5b.yaml ./poc/sql/CVE-2024-9587-9addb86845d8c338383a9caf97ac21e2.yaml +./poc/sql/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml +./poc/sql/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml +./poc/sql/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml ./poc/sql/Changdao-165-SQLi.yaml ./poc/sql/Cmseasy-Http-Head-sqli.yaml ./poc/sql/Cmseasy-celive-sqli.yaml @@ -112751,6 +112915,7 @@ ./poc/upload/images-optimize-and-upload-cf7-2a28757ccdd057248b8450e005b76a5a.yaml ./poc/upload/images-optimize-and-upload-cf7.yaml ./poc/upload/increase-upload-file-size-maximum-execution-time-limit-d66f2cb0528cb877e17943517257d459.yaml +./poc/upload/increase-upload-file-size-maximum-execution-time-limit.yaml ./poc/upload/ioffice_iorepsavexml_upload.yaml ./poc/upload/jinhe-oa-c6-uploadfiledownloadnew-fileread.yaml ./poc/upload/jinher-oa-jc6-officesaveflag-false-fileupload.yaml @@ -113135,6 +113300,7 @@ ./poc/upload/wp-file-upload-382c23d66d16fce28c89229da07e05dd.yaml ./poc/upload/wp-file-upload-3ef086464d779396e837451e2e454c9e.yaml ./poc/upload/wp-file-upload-414352e334281f95b4c9f0ed2d166b1e.yaml +./poc/upload/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml ./poc/upload/wp-file-upload-583e2ffd5575f1de5191025b8ecb4a08.yaml ./poc/upload/wp-file-upload-5dfe53812f63d2ef729d1a44d88e39c1.yaml ./poc/upload/wp-file-upload-66aa229a5a4044d076fddbf0c2566056.yaml @@ -115522,6 +115688,7 @@ ./poc/wordpress/mailchimp-for-wp-plugin.yaml ./poc/wordpress/mailchimp-for-wp.yaml ./poc/wordpress/mailchimp-wp-15f062f7f8a74355a84fabbd1946ba00.yaml +./poc/wordpress/mailchimp-wp-6180a3b6b3e533e17e26dc2174349f0a.yaml ./poc/wordpress/mailchimp-wp.yaml ./poc/wordpress/mailcwp-9b222c6e92baafa2e1e6118251883201.yaml ./poc/wordpress/mailcwp-9b94687af8a36209ff34b7a1e2d135a5.yaml 
@@ -116909,6 +117076,7 @@ ./poc/wordpress/wordpress-popular-posts-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/wordpress/wordpress-popular-posts-plugin.yaml ./poc/wordpress/wordpress-popular-posts.yaml +./poc/wordpress/wordpress-popup-705de09e622918c55b7a1ab10bf33e2a.yaml ./poc/wordpress/wordpress-popup-773fdf3928e22c6a993835af54bb5ecc.yaml ./poc/wordpress/wordpress-popup-8a2326cec4cb67e442bb467f62462452.yaml ./poc/wordpress/wordpress-popup-af7b7ffaf25f8475183bbd05b2992e9c.yaml @@ -117585,6 +117753,7 @@ ./poc/wordpress/wp-bugbot-ff9293ba28748efa2ab9a2fe77385468.yaml ./poc/wordpress/wp-bugbot.yaml ./poc/wordpress/wp-bulk-delete-42cb3484e786be78ad44f52b9b38b2d5.yaml +./poc/wordpress/wp-bulk-delete.yaml ./poc/wordpress/wp-business-directory-a759e03a3140ab5da9f810ffbdb3a4c2.yaml ./poc/wordpress/wp-business-directory.yaml ./poc/wordpress/wp-business-intelligence-lite-1b4dbc3d1fc8aecab4cba5875dafa39a.yaml @@ -118582,6 +118751,7 @@ ./poc/wordpress/wp-file-upload-382c23d66d16fce28c89229da07e05dd.yaml ./poc/wordpress/wp-file-upload-3ef086464d779396e837451e2e454c9e.yaml ./poc/wordpress/wp-file-upload-414352e334281f95b4c9f0ed2d166b1e.yaml +./poc/wordpress/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml ./poc/wordpress/wp-file-upload-583e2ffd5575f1de5191025b8ecb4a08.yaml ./poc/wordpress/wp-file-upload-5dfe53812f63d2ef729d1a44d88e39c1.yaml ./poc/wordpress/wp-file-upload-66aa229a5a4044d076fddbf0c2566056.yaml @@ -119696,6 +119866,7 @@ ./poc/wordpress/wp-my-admin-bar-plugin.yaml ./poc/wordpress/wp-my-admin-bar.yaml ./poc/wordpress/wp-mylinks-08aa65bb139b69c39721a5ec40b60910.yaml +./poc/wordpress/wp-mylinks.yaml ./poc/wordpress/wp-nested-pages-0951b93b86587d329d8814e4e92c3c90.yaml ./poc/wordpress/wp-nested-pages-21c6f38c12841cb789c7ff98d52bd1a8.yaml ./poc/wordpress/wp-nested-pages-24406334e6fcf4da6afe273ca755bcaf.yaml 
@@ -119987,6 +120158,7 @@ ./poc/wordpress/wp-portfolio-gallery-a759e03a3140ab5da9f810ffbdb3a4c2.yaml ./poc/wordpress/wp-portfolio-gallery.yaml ./poc/wordpress/wp-portfolio.yaml +./poc/wordpress/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml ./poc/wordpress/wp-post-author-46640ddca920a240fe1890d22cf85362.yaml ./poc/wordpress/wp-post-author-7d1b65ca652ea436aecffad9a54ff422.yaml ./poc/wordpress/wp-post-author-a78da0278c80430e84214732c8afbf50.yaml diff --git a/poc/auth/simple-membership-after-login-redirection.yaml b/poc/auth/simple-membership-after-login-redirection.yaml new file mode 100644 index 0000000000..18bc82800f --- /dev/null +++ b/poc/auth/simple-membership-after-login-redirection.yaml 
@@ -0,0 +1,59 @@
+id: simple-membership-after-login-redirection
+
+info:
+ name: >
+ Simple Membership After Login Redirection <= 1.6 - Open Redirect
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f959e61-16cf-4260-b21b-8edb95a3cd65?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/simple-membership-after-login-redirection/"
+ google-query: inurl:"/wp-content/plugins/simple-membership-after-login-redirection/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,simple-membership-after-login-redirection,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-membership-after-login-redirection/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-membership-after-login-redirection"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/poc/auth/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml b/poc/auth/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml
new file mode 100644
index 0000000000..865fe367de
--- /dev/null
+++ b/poc/auth/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml
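Review bot: The `info` block of simple-membership-after-login-redirection.yaml ships with no finding data: `description: >` is followed by an empty line, `cvss-metrics:`, `cvss-score:` and `cve-id:` are bare keys that load as null, and `shodan-query: 'vuln:'` is a query with no value. The `cve` tag is also set although no CVE id is given, so tag-based selection will pull in a template that has none. Fill the fields from the referenced advisory or drop the empty keys, and change the tag line to `tags: wordpress,wp-plugin,simple-membership-after-login-redirection,low` until an id exists. The wp-post-author and bridge-core templates in the next two hunks have the same empty block; wp-post-author's title names an SQL injection, so its `severity: low` should be checked against the advisory rather than taken as given.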
@@ -0,0 +1,59 @@
+id: wp-post-author-3f4de7ecb8586f0c99558a166624662d
+
+info:
+ name: >
+ Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-post-author/"
+ google-query: inurl:"/wp-content/plugins/wp-post-author/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-post-author,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-post-author/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-post-author"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8.1')
\ No newline at end of file
diff --git a/poc/aws/bridge-core-d2d00414cf6e61ec23999dd4278c171a.yaml b/poc/aws/bridge-core-d2d00414cf6e61ec23999dd4278c171a.yaml
new file mode 100644
index 0000000000..0776e6487d
--- /dev/null
+++ b/poc/aws/bridge-core-d2d00414cf6e61ec23999dd4278c171a.yaml
@@ -0,0 +1,59 @@
+id: bridge-core-d2d00414cf6e61ec23999dd4278c171a
+
+info:
+ name: >
+ Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/968d5d31-2592-4bed-9d18-5877f0d6062e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/bridge-core/"
+ google-query: inurl:"/wp-content/plugins/bridge-core/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,bridge-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bridge-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bridge-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-44010.yaml b/poc/cve/CVE-2024-44010.yaml
new file mode 100644
index 0000000000..d316dd0745
--- /dev/null
+++ b/poc/cve/CVE-2024-44010.yaml
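Review bot: bridge-core-d2d00414cf6e61ec23999dd4278c171a.yaml is added under `poc/aws/`, but nothing in the template refers to AWS: the title describes a missing-authorization flaw in a WordPress plugin and the request targets `/wp-content/plugins/bridge-core/readme.txt`. Anyone selecting templates by directory will run it in the wrong scope or miss it in a WordPress scan, so it would sit better next to the other plugin templates, e.g. under `poc/wordpress/`.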
@@ -0,0 +1,59 @@
+id: CVE-2024-44010
+
+info:
+ name: >
+ Full frame <= 2.7.2 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Full frame theme for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 2.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b95baf58-bd99-4682-b2eb-46a402c62c03?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-44010
+ metadata:
+ fofa-query: "wp-content/themes/full-frame/"
+ google-query: inurl:"/wp-content/themes/full-frame/"
+ shodan-query: 'vuln:CVE-2024-44010'
+ tags: cve,wordpress,wp-theme,full-frame,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/full-frame/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "full-frame"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-45454.yaml b/poc/cve/CVE-2024-45454.yaml
new file mode 100644
index 0000000000..f4cdc36864
--- /dev/null
+++ b/poc/cve/CVE-2024-45454.yaml
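Review bot: In CVE-2024-44010.yaml, `severity: low` and the `low` tag disagree with the `cvss-score: 6.4` recorded under `classification`; a CVSS v3.1 base score of 6.4 falls in the Medium band (4.0–6.9). The CVE-2024-45454 template added in the next hunk maps a 6.1 score to `medium`, so this one should read `severity: medium` with `tags: cve,wordpress,wp-theme,full-frame,medium`. Left as is, scans filtered or triaged by severity will under-report this finding.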
@@ -0,0 +1,59 @@
+id: CVE-2024-45454
+
+info:
+ name: >
+ Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.121 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.121 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b49c1e95-7ef4-45d7-9fdf-dd5adffd2eb0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-45454
+ metadata:
+ fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-45454'
+ tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "unlimited-elements-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.121')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47348.yaml b/poc/cve/CVE-2024-47348.yaml
new file mode 100644
index 0000000000..f1bed7b829
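Review bot: The three matchers in CVE-2024-45454 only establish that `readme.txt` is served and that its `Stable tag` is `<= 1.5.121`; nothing exercises the reflected XSS itself, and the template does not say so. A site that blocks or strips `readme.txt`, or whose `Stable tag` is not a dotted number, yields no match, while a patched install with a stale readme yields one. I would add a comment above `http:` such as `# Version check only: reads Stable tag from readme.txt; confirm the installed version before treating a match as vulnerable.` The same applies to every other template in this patch, since they share this request and matcher layout.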
--- /dev/null
+++ b/poc/cve/CVE-2024-47348.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47348
+
+info:
+ name: >
+ YellowPencil Visual CSS Style Editor <= 7.6.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The YellowPencil Visual CSS Style Editor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f325945-8394-4ff5-8868-2b1c464cd91f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47348
+ metadata:
+ fofa-query: "wp-content/plugins/yellow-pencil-visual-theme-customizer/"
+ google-query: inurl:"/wp-content/plugins/yellow-pencil-visual-theme-customizer/"
+ shodan-query: 'vuln:CVE-2024-47348'
+ tags: cve,wordpress,wp-plugin,yellow-pencil-visual-theme-customizer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yellow-pencil-visual-theme-customizer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yellow-pencil-visual-theme-customizer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.6.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47349.yaml b/poc/cve/CVE-2024-47349.yaml
new file mode 100644
index 0000000000..4cdd5b66da
--- /dev/null
+++ b/poc/cve/CVE-2024-47349.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47349
+
+info:
+ name: >
+ WPMobile.App <= 11.50 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WPMobile.App plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 11.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aea4732-9e7d-406f-b848-ff223104f176?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47349
+ metadata:
+ fofa-query: "wp-content/plugins/wpappninja/"
+ google-query: inurl:"/wp-content/plugins/wpappninja/"
+ shodan-query: 'vuln:CVE-2024-47349'
+ tags: cve,wordpress,wp-plugin,wpappninja,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpappninja/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpappninja"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 11.50')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47350.yaml b/poc/cve/CVE-2024-47350.yaml
new file mode 100644
index 0000000000..701e22fb77
--- /dev/null
+++ b/poc/cve/CVE-2024-47350.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47350
+
+info:
+ name: >
+ YITH WooCommerce Ajax Search <= 2.8.0 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a047577-d5eb-425b-9318-4473d052a223?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-47350
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-ajax-search/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-search/"
+ shodan-query: 'vuln:CVE-2024-47350'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-search,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-ajax-search/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-ajax-search"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47351.yaml b/poc/cve/CVE-2024-47351.yaml
new file mode 100644
index 0000000000..b1c00c9e35
--- /dev/null
+++ b/poc/cve/CVE-2024-47351.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47351
+
+info:
+ name: >
+ MaxSlider <= 1.2.3 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The MaxSlider plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f8430e8-c349-4425-be4a-0e9d4d80c438?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-47351
+ metadata:
+ fofa-query: "wp-content/plugins/maxslider/"
+ google-query: inurl:"/wp-content/plugins/maxslider/"
+ shodan-query: 'vuln:CVE-2024-47351'
+ tags: cve,wordpress,wp-plugin,maxslider,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/maxslider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "maxslider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47352.yaml b/poc/cve/CVE-2024-47352.yaml
new file mode 100644
index 0000000000..50b07d7e22
--- /dev/null
+++ b/poc/cve/CVE-2024-47352.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47352
+
+info:
+ name: >
+ WP Bulk Delete <= 1.3.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Bulk Delete plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a145f3ca-2c38-4058-9aa9-e2dcc43c029a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47352
+ metadata:
+ fofa-query: "wp-content/plugins/wp-bulk-delete/"
+ google-query: inurl:"/wp-content/plugins/wp-bulk-delete/"
+ shodan-query: 'vuln:CVE-2024-47352'
+ tags: cve,wordpress,wp-plugin,wp-bulk-delete,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-bulk-delete/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-bulk-delete"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47353.yaml b/poc/cve/CVE-2024-47353.yaml
new file mode 100644
index 0000000000..dd32c8df0d
--- /dev/null
+++ b/poc/cve/CVE-2024-47353.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47353
+
+info:
+ name: >
+ ElementsReady Addons for Elementor 6.4.2 - Open Redirect
+ author: topscoder
+ severity: medium
+ description: >
+ The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Open Redirect in version 6.4.2. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dff9b5f-def3-420b-a28f-e0d225747c52?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47353
+ metadata:
+ fofa-query: "wp-content/plugins/element-ready-lite/"
+ google-query: inurl:"/wp-content/plugins/element-ready-lite/"
+ shodan-query: 'vuln:CVE-2024-47353'
+ tags: cve,wordpress,wp-plugin,element-ready-lite,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/element-ready-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "element-ready-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '6.4.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47354.yaml b/poc/cve/CVE-2024-47354.yaml
new file mode 100644
index 0000000000..801b1fc3dc
--- /dev/null
+++ b/poc/cve/CVE-2024-47354.yaml
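Review bot: The constraint in `compare_versions(version, '6.4.2')` has no operator, unlike the `<=` constraints in the other templates of this patch, so its meaning depends on how a bare version is interpreted. The description limits the issue to version 6.4.2, so an exact match is presumably intended, but a reader cannot tell that from an omitted `<=`. I would make the intent explicit, either as `compare_versions(version, '= 6.4.2')` if the constraint syntax accepts it (worth confirming) or with a comment above the line such as `# exact match: the advisory covers 6.4.2 only`.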
@@ -0,0 +1,59 @@
+id: CVE-2024-47354
+
+info:
+ name: >
+ Simple Membership After Login Redirection <= 1.6 - Open Redirect
+ author: topscoder
+ severity: medium
+ description: >
+ The Simple Membership After Login Redirection plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.6. This is due to insufficient validation on the redirect url supplied via the 'swpm_redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f959e61-16cf-4260-b21b-8edb95a3cd65?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47354
+ metadata:
+ fofa-query: "wp-content/plugins/simple-membership-after-login-redirection/"
+ google-query: inurl:"/wp-content/plugins/simple-membership-after-login-redirection/"
+ shodan-query: 'vuln:CVE-2024-47354'
+ tags: cve,wordpress,wp-plugin,simple-membership-after-login-redirection,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-membership-after-login-redirection/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-membership-after-login-redirection"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47355.yaml b/poc/cve/CVE-2024-47355.yaml
new file mode 100644
index 0000000000..9c334778c2
--- /dev/null
+++ b/poc/cve/CVE-2024-47355.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47355
+
+info:
+ name: >
+ Cozy Blocks <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Cozy Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b81a643-e04a-4e7f-91dd-9241fdd1a3ac?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47355
+ metadata:
+ fofa-query: "wp-content/plugins/cozy-addons/"
+ google-query: inurl:"/wp-content/plugins/cozy-addons/"
+ shodan-query: 'vuln:CVE-2024-47355'
+ tags: cve,wordpress,wp-plugin,cozy-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cozy-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cozy-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47356.yaml b/poc/cve/CVE-2024-47356.yaml
new file mode 100644
index 0000000000..fab92756a9
--- /dev/null
+++ b/poc/cve/CVE-2024-47356.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47356
+
+info:
+ name: >
+ Create <= 2.9.1 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Create theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44445c44-5ae0-4f2b-8096-aa94ae5ff0b6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47356
+ metadata:
+ fofa-query: "wp-content/themes/create/"
+ google-query: inurl:"/wp-content/themes/create/"
+ shodan-query: 'vuln:CVE-2024-47356'
+ tags: cve,wordpress,wp-theme,create,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/create/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "create"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47357.yaml b/poc/cve/CVE-2024-47357.yaml
new file mode 100644
index 0000000000..ed15b23d5e
--- /dev/null
+++ b/poc/cve/CVE-2024-47357.yaml
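Review bot: The word matcher `- "create"` in CVE-2024-47356 is too generic to tie the response to this theme. With `redirects: true`, any page that ends up answering 200 and contains the word "create" plus a `Version:` line at or below 2.9.1 satisfies all three matchers. The other templates avoid this mostly because their slugs are distinctive strings. I would match on something specific to the stylesheet header instead, for example the theme's `Theme Name:` line, and keep the version comparison as it is.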
@@ -0,0 +1,59 @@
+id: CVE-2024-47357
+
+info:
+ name: >
+ Happy Addons for Elementor <= 3.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.12.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a63d6a64-aaba-4744-a372-89e1c0ce00df?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47357
+ metadata:
+ fofa-query: "wp-content/plugins/happy-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/happy-elementor-addons/"
+ shodan-query: 'vuln:CVE-2024-47357'
+ tags: cve,wordpress,wp-plugin,happy-elementor-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "happy-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.12.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47358.yaml b/poc/cve/CVE-2024-47358.yaml
new file mode 100644
index 0000000000..8b5d13b7d0
--- /dev/null
+++ b/poc/cve/CVE-2024-47358.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47358
+
+info:
+ name: >
+ Popup Maker <= 1.19.2 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.19.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa2102b3-408b-4278-b542-b5d30685960d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-47358
+ metadata:
+ fofa-query: "wp-content/plugins/popup-maker/"
+ google-query: inurl:"/wp-content/plugins/popup-maker/"
+ shodan-query: 'vuln:CVE-2024-47358'
+ tags: cve,wordpress,wp-plugin,popup-maker,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "popup-maker"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.19.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47359.yaml b/poc/cve/CVE-2024-47359.yaml
new file mode 100644
index 0000000000..2a23882188
--- /dev/null
+++ b/poc/cve/CVE-2024-47359.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47359
+
+info:
+ name: >
+ Depicter Slider <= 3.2.2 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d9f9774-e45d-4b69-80e0-dce1e7c0ea78?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-47359
+ metadata:
+ fofa-query: "wp-content/plugins/depicter/"
+ google-query: inurl:"/wp-content/plugins/depicter/"
+ shodan-query: 'vuln:CVE-2024-47359'
+ tags: cve,wordpress,wp-plugin,depicter,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/depicter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "depicter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47360.yaml b/poc/cve/CVE-2024-47360.yaml
new file mode 100644
index 0000000000..4322a26c56
--- /dev/null
+++ b/poc/cve/CVE-2024-47360.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47360
+
+info:
+ name: >
+ BA Book Everything <= 1.6.20 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The BA Book Everything plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e167eedc-0828-4707-85b9-a78f9aeff27e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47360
+ metadata:
+ fofa-query: "wp-content/plugins/ba-book-everything/"
+ google-query: inurl:"/wp-content/plugins/ba-book-everything/"
+ shodan-query: 'vuln:CVE-2024-47360'
+ tags: cve,wordpress,wp-plugin,ba-book-everything,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ba-book-everything/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ba-book-everything"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.20')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47361.yaml b/poc/cve/CVE-2024-47361.yaml
new file mode 100644
index 0000000000..a2fe917c33
--- /dev/null
+++ b/poc/cve/CVE-2024-47361.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47361
+
+info:
+ name: >
+ Elementor Addon Elements <= 1.13.6 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Elementor Addon Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_refresh_insta_cache() function in versions up to, and including, 1.13.6. This makes it possible for authenticated attackers, with contributor-level access and above, to refresh cache for posts they do not have access to.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8814b0-6818-47c2-9f2a-8fe12485bd33?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-47361
+ metadata:
+ fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
+ google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
+ shodan-query: 'vuln:CVE-2024-47361'
+ tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addon-elements-for-elementor-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47362.yaml b/poc/cve/CVE-2024-47362.yaml
new file mode 100644
index 0000000000..d7cd62e81b
--- /dev/null
+++ b/poc/cve/CVE-2024-47362.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47362
+
+info:
+ name: >
+ Strong Testimonials <= 3.1.16 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Strong Testimonials plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb9253de-7139-422b-aa17-b25937d6a21c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-47362
+ metadata:
+ fofa-query: "wp-content/plugins/strong-testimonials/"
+ google-query: inurl:"/wp-content/plugins/strong-testimonials/"
+ shodan-query: 'vuln:CVE-2024-47362'
+ tags: cve,wordpress,wp-plugin,strong-testimonials,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/strong-testimonials/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "strong-testimonials"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.16')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47363.yaml b/poc/cve/CVE-2024-47363.yaml
new file mode 100644
index 0000000000..c8348269bf
--- /dev/null
+++ b/poc/cve/CVE-2024-47363.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47363
+
+info:
+ name: >
+ Blockspare <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Blockspare plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b54fa719-0ac2-4017-b312-4b4a9bced16d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47363
+ metadata:
+ fofa-query: "wp-content/plugins/blockspare/"
+ google-query: inurl:"/wp-content/plugins/blockspare/"
+ shodan-query: 'vuln:CVE-2024-47363'
+ tags: cve,wordpress,wp-plugin,blockspare,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blockspare/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blockspare"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47364.yaml b/poc/cve/CVE-2024-47364.yaml
new file mode 100644
index 0000000000..e56a2a51ce
--- /dev/null
+++ b/poc/cve/CVE-2024-47364.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47364
+
+info:
+ name: >
+ Move Addons for Elementor <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e3c9dc-985a-48fb-8300-add83046100a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47364
+ metadata:
+ fofa-query: "wp-content/plugins/move-addons/"
+ google-query: inurl:"/wp-content/plugins/move-addons/"
+ shodan-query: 'vuln:CVE-2024-47364'
+ tags: cve,wordpress,wp-plugin,move-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/move-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "move-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47365.yaml b/poc/cve/CVE-2024-47365.yaml
new file mode 100644
index 0000000000..d57b4b0504
--- /dev/null
+++ b/poc/cve/CVE-2024-47365.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47365
+
+info:
+ name: >
+ Automatically Hierarchic Categories in Menu <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Automatically Hierarchic Categories in Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9fe53e3-1916-4de2-91a6-83e823fc6e91?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47365
+ metadata:
+ fofa-query: "wp-content/plugins/automatically-hierarchic-categories-in-menu/"
+ google-query: inurl:"/wp-content/plugins/automatically-hierarchic-categories-in-menu/"
+ shodan-query: 'vuln:CVE-2024-47365'
+ tags: cve,wordpress,wp-plugin,automatically-hierarchic-categories-in-menu,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/automatically-hierarchic-categories-in-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "automatically-hierarchic-categories-in-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
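Review bot: The `word` matcher in the CVE-2024-47365 template requires the literal slug `automatically-hierarchic-categories-in-menu` in the response body and is case-sensitive by default, so a readme that only uses the plugin's display name would fail the `and` condition even when the Stable tag is in range. The request path already pins the plugin directory, and the `Stable tag` regex already rejects catch-all 200 pages, so this matcher may add missed detections without adding confidence. Consider matching on the readme's structure instead, `- "Stable tag:"`, or adding `case-insensitive: true` to the matcher. The other templates in this patch use the same slug-in-body check.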
diff --git a/poc/cve/CVE-2024-47366.yaml b/poc/cve/CVE-2024-47366.yaml
new file mode 100644
index 0000000000..b7342710c9
--- /dev/null
+++ b/poc/cve/CVE-2024-47366.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47366
+
+info:
+ name: >
+ Elementor Addon Elements <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef847b12-a380-410a-9368-6b2751d1836e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47366
+ metadata:
+ fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
+ google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
+ shodan-query: 'vuln:CVE-2024-47366'
+ tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addon-elements-for-elementor-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47367.yaml b/poc/cve/CVE-2024-47367.yaml
new file mode 100644
index 0000000000..ce05cfa212
--- /dev/null
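Review bot: `redirects: true` with `max-redirects: 3` in the CVE-2024-47366 request follows redirects to any host, so a readme served by a different site after a redirect would be evaluated and the result attributed to the scanned target. Restricting redirects to the original host avoids that misattribution: replace the line with `host-redirects: true` and keep `max-redirects: 3`. The request block is identical in the other templates added by this patch.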
+++ b/poc/cve/CVE-2024-47367.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47367
+
+info:
+ name: >
+ YITH WooCommerce Product Add-Ons <= 4.13.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.13.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd979c94-f6e7-4edd-b2c5-0880ed13e9b0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47367
+ metadata:
+ fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/"
+ google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/"
+ shodan-query: 'vuln:CVE-2024-47367'
+ tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-add-ons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yith-woocommerce-product-add-ons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.13.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47368.yaml b/poc/cve/CVE-2024-47368.yaml
new file mode 100644
index 0000000000..80f020f310
--- /dev/null
+++ b/poc/cve/CVE-2024-47368.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47368
+
+info:
+ name: >
+ Premium Blocks – Gutenberg Blocks for WordPress <= 2.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Premium Blocks – Gutenberg Blocks for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2667b7c-b743-44d1-90d6-b1be6fcd7dca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47368
+ metadata:
+ fofa-query: "wp-content/plugins/premium-blocks-for-gutenberg/"
+ google-query: inurl:"/wp-content/plugins/premium-blocks-for-gutenberg/"
+ shodan-query: 'vuln:CVE-2024-47368'
+ tags: cve,wordpress,wp-plugin,premium-blocks-for-gutenberg,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/premium-blocks-for-gutenberg/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "premium-blocks-for-gutenberg"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.33')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47369.yaml b/poc/cve/CVE-2024-47369.yaml
new file mode 100644
index 0000000000..91d989a381
--- /dev/null
+++ b/poc/cve/CVE-2024-47369.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47369
+
+info:
+ name: >
+ Social Auto Poster <= 5.3.15 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Social Auto Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/da5b700c-ec1f-4803-8165-581382cef482?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47369
+ metadata:
+ fofa-query: "wp-content/plugins/social-auto-poster/"
+ google-query: inurl:"/wp-content/plugins/social-auto-poster/"
+ shodan-query: 'vuln:CVE-2024-47369'
+ tags: cve,wordpress,wp-plugin,social-auto-poster,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/social-auto-poster/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "social-auto-poster"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.3.15')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47370.yaml b/poc/cve/CVE-2024-47370.yaml
new file mode 100644
index 0000000000..dceed0f871
--- /dev/null
+++ b/poc/cve/CVE-2024-47370.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47370
+
+info:
+ name: >
+ Author Avatars List/Block <= 2.1.21 - Authenticated (Subscriber+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Author Avatars List/Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b9aaafb-cb39-4a3b-85db-d0a8e9498d60?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47370
+ metadata:
+ fofa-query: "wp-content/plugins/author-avatars/"
+ google-query: inurl:"/wp-content/plugins/author-avatars/"
+ shodan-query: 'vuln:CVE-2024-47370'
+ tags: cve,wordpress,wp-plugin,author-avatars,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/author-avatars/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "author-avatars"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.21')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47371.yaml b/poc/cve/CVE-2024-47371.yaml
new file mode 100644
index 0000000000..b715ba0153
--- /dev/null
+++ b/poc/cve/CVE-2024-47371.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47371
+
+info:
+ name: >
+ WP MyLinks <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP MyLinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b768777-d502-47b4-bf78-03c4cd525063?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-47371
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mylinks/"
+ google-query: inurl:"/wp-content/plugins/wp-mylinks/"
+ shodan-query: 'vuln:CVE-2024-47371'
+ tags: cve,wordpress,wp-plugin,wp-mylinks,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mylinks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mylinks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47372.yaml b/poc/cve/CVE-2024-47372.yaml
new file mode 100644
index 0000000000..f8db4fa3be
--- /dev/null
+++ b/poc/cve/CVE-2024-47372.yaml
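Review bot: The description of CVE-2024-47371 limits the issue to multi-site installations and sites where `unfiltered_html` has been disabled, but the matchers check only the readme version, so every install advertising 1.0.6 or lower is reported whether or not that precondition holds. Nothing in an unauthenticated readme request can establish it, so the limitation should be stated where the operator reads the result, for example a comment above `matchers:` reading `# Not checked: exploitable only on multisite or with unfiltered_html disabled; a match means "potentially affected".` The templates for CVE-2024-47372, -47376, -47377 and -47381 carry the same precondition in their descriptions and the same version-only matchers.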
@@ -0,0 +1,59 @@
+id: CVE-2024-47372
+
+info:
+ name: >
+ TNC PDF viewer <= 3.1.0 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The TNC PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/87bd0e6b-7f0d-4696-99aa-c87013efc5a8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-47372
+ metadata:
+ fofa-query: "wp-content/plugins/pdf-viewer-by-themencode/"
+ google-query: inurl:"/wp-content/plugins/pdf-viewer-by-themencode/"
+ shodan-query: 'vuln:CVE-2024-47372'
+ tags: cve,wordpress,wp-plugin,pdf-viewer-by-themencode,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pdf-viewer-by-themencode/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pdf-viewer-by-themencode"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47373.yaml b/poc/cve/CVE-2024-47373.yaml
new file mode 100644
index 0000000000..9d9be3c507
--- /dev/null
+++ b/poc/cve/CVE-2024-47373.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47373
+
+info:
+ name: >
+ LiteSpeed Cache <= 6.5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/329a140f-94e0-4e2e-8030-c091ad8ac65a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47373
+ metadata:
+ fofa-query: "wp-content/plugins/litespeed-cache/"
+ google-query: inurl:"/wp-content/plugins/litespeed-cache/"
+ shodan-query: 'vuln:CVE-2024-47373'
+ tags: cve,wordpress,wp-plugin,litespeed-cache,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "litespeed-cache"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.5.0.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47375.yaml b/poc/cve/CVE-2024-47375.yaml
new file mode 100644
index 0000000000..6b87941fc7
--- /dev/null
+++ b/poc/cve/CVE-2024-47375.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47375
+
+info:
+ name: >
+ XLTab – Accordions and Tabs for Elementor Page Builder <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f958a43-1753-4605-9e98-ba1468f75ab0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47375
+ metadata:
+ fofa-query: "wp-content/plugins/xl-tab/"
+ google-query: inurl:"/wp-content/plugins/xl-tab/"
+ shodan-query: 'vuln:CVE-2024-47375'
+ tags: cve,wordpress,wp-plugin,xl-tab,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/xl-tab/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "xl-tab"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47376.yaml b/poc/cve/CVE-2024-47376.yaml
new file mode 100644
index 0000000000..58d300948c
--- /dev/null
+++ b/poc/cve/CVE-2024-47376.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47376
+
+info:
+ name: >
+ Slideshow Gallery <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Slideshow Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/76b4e3d1-170c-4fe0-8e84-246b973d48b1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-47376
+ metadata:
+ fofa-query: "wp-content/plugins/slideshow-gallery/"
+ google-query: inurl:"/wp-content/plugins/slideshow-gallery/"
+ shodan-query: 'vuln:CVE-2024-47376'
+ tags: cve,wordpress,wp-plugin,slideshow-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "slideshow-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47377.yaml b/poc/cve/CVE-2024-47377.yaml
new file mode 100644
index 0000000000..e3d3e4f7a9
--- /dev/null
+++ b/poc/cve/CVE-2024-47377.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47377
+
+info:
+ name: >
+ BuddyForms <= 2.8.12 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac8a06f5-4560-401c-b762-5422b624ba84?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-47377
+ metadata:
+ fofa-query: "wp-content/plugins/buddyforms/"
+ google-query: inurl:"/wp-content/plugins/buddyforms/"
+ shodan-query: 'vuln:CVE-2024-47377'
+ tags: cve,wordpress,wp-plugin,buddyforms,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "buddyforms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8.12')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47378.yaml b/poc/cve/CVE-2024-47378.yaml
new file mode 100644
index 0000000000..deccf692c7
--- /dev/null
+++ b/poc/cve/CVE-2024-47378.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47378
+
+info:
+ name: >
+ WPCOM Member <= 1.5.4 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WPCOM Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'login_redirect' parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7769f3d4-041d-445f-a5fc-d5bc9e45ed58?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47378
+ metadata:
+ fofa-query: "wp-content/plugins/wpcom-member/"
+ google-query: inurl:"/wp-content/plugins/wpcom-member/"
+ shodan-query: 'vuln:CVE-2024-47378'
+ tags: cve,wordpress,wp-plugin,wpcom-member,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpcom-member/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpcom-member"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47379.yaml b/poc/cve/CVE-2024-47379.yaml
new file mode 100644
index 0000000000..17cad86a74
--- /dev/null
+++ b/poc/cve/CVE-2024-47379.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47379
+
+info:
+ name: >
+ Web Directory Free <= 1.7.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Web Directory Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7ea6312-2703-47d1-909e-8c5fd05d9929?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47379
+ metadata:
+ fofa-query: "wp-content/plugins/web-directory-free/"
+ google-query: inurl:"/wp-content/plugins/web-directory-free/"
+ shodan-query: 'vuln:CVE-2024-47379'
+ tags: cve,wordpress,wp-plugin,web-directory-free,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/web-directory-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "web-directory-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47380.yaml b/poc/cve/CVE-2024-47380.yaml
new file mode 100644
index 0000000000..5c2bc104de
--- /dev/null
+++ b/poc/cve/CVE-2024-47380.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47380
+
+info:
+ name: >
+ WP-Lister Lite for eBay <= 3.6.3 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/919f02ab-a336-46c9-9ce7-f94acac29145?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47380
+ metadata:
+ fofa-query: "wp-content/plugins/wp-lister-for-ebay/"
+ google-query: inurl:"/wp-content/plugins/wp-lister-for-ebay/"
+ shodan-query: 'vuln:CVE-2024-47380'
+ tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-lister-for-ebay/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-lister-for-ebay"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47381.yaml b/poc/cve/CVE-2024-47381.yaml
new file mode 100644
index 0000000000..06c793965a
--- /dev/null
+++ b/poc/cve/CVE-2024-47381.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47381
+
+info:
+ name: >
+ Depicter Slider <= 3.2.2 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/59e60d00-985e-4152-a3d8-d2ba8075fab8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-47381
+ metadata:
+ fofa-query: "wp-content/plugins/depicter/"
+ google-query: inurl:"/wp-content/plugins/depicter/"
+ shodan-query: 'vuln:CVE-2024-47381'
+ tags: cve,wordpress,wp-plugin,depicter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/depicter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "depicter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47382.yaml b/poc/cve/CVE-2024-47382.yaml
new file mode 100644
index 0000000000..ff2d014edd
--- /dev/null
+++ b/poc/cve/CVE-2024-47382.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47382
+
+info:
+ name: >
+ Page-list <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Page-list plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9d39796-ad51-4b52-af8a-f3334e6ca68d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47382
+ metadata:
+ fofa-query: "wp-content/plugins/page-list/"
+ google-query: inurl:"/wp-content/plugins/page-list/"
+ shodan-query: 'vuln:CVE-2024-47382'
+ tags: cve,wordpress,wp-plugin,page-list,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/page-list/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "page-list"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47383.yaml b/poc/cve/CVE-2024-47383.yaml
new file mode 100644
index 0000000000..19a67cc392
--- /dev/null
+++ b/poc/cve/CVE-2024-47383.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-47383 + +info: + name: > + The Pack Elementor addons <= 2.0.8.8 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The The Pack Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfc4ab58-2117-42e7-b367-ee47e28c69ca?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47383 + metadata: + fofa-query: "wp-content/plugins/the-pack-addon/" + google-query: inurl:"/wp-content/plugins/the-pack-addon/" + shodan-query: 'vuln:CVE-2024-47383' + tags: cve,wordpress,wp-plugin,the-pack-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-pack-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-pack-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8.8') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47384.yaml b/poc/cve/CVE-2024-47384.yaml new file mode 100644 index 0000000000..d74e22dcf7 --- /dev/null +++ b/poc/cve/CVE-2024-47384.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47384 + +info: + name: > + WP Compress – Image Optimizer [All-In-One] <= 6.20.13 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 6.20.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5190b5ac-a12c-45ea-97fd-2d86bc2b090c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47384 + metadata: + fofa-query: "wp-content/plugins/wp-compress-image-optimizer/" + google-query: inurl:"/wp-content/plugins/wp-compress-image-optimizer/" + shodan-query: 'vuln:CVE-2024-47384' + tags: cve,wordpress,wp-plugin,wp-compress-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-compress-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-compress-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.20.13') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47385.yaml b/poc/cve/CVE-2024-47385.yaml new file mode 100644 index 0000000000..61bc9ab574 --- /dev/null +++ b/poc/cve/CVE-2024-47385.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47385 + +info: + name: > + Essential Blocks for Gutenberg <= 4.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3111d016-e414-44df-925a-84010316c4ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47385 + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:CVE-2024-47385' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47386.yaml b/poc/cve/CVE-2024-47386.yaml new file mode 100644 index 0000000000..74cb7ab4f5 --- /dev/null +++ b/poc/cve/CVE-2024-47386.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47386 + +info: + name: > + The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7809697d-367a-4051-9865-440ba8ce7ad5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47386 + metadata: + fofa-query: "wp-content/plugins/wpextended/" + google-query: inurl:"/wp-content/plugins/wpextended/" + shodan-query: 'vuln:CVE-2024-47386' + tags: cve,wordpress,wp-plugin,wpextended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpextended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpextended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47387.yaml b/poc/cve/CVE-2024-47387.yaml new file mode 100644 index 0000000000..2d22148ea0 --- /dev/null +++ b/poc/cve/CVE-2024-47387.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47387 + +info: + name: > + Search Atlas SEO <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Search Atlas SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a20ca8-8eb8-4247-9145-63bcb0d5d681?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-47387 + metadata: + fofa-query: "wp-content/plugins/metasync/" + google-query: inurl:"/wp-content/plugins/metasync/" + shodan-query: 'vuln:CVE-2024-47387' + tags: cve,wordpress,wp-plugin,metasync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metasync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metasync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47388.yaml b/poc/cve/CVE-2024-47388.yaml new file mode 100644 index 0000000000..02f19b27c9 --- /dev/null +++ b/poc/cve/CVE-2024-47388.yaml 
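Review bot: `compare_versions(version, '<= 1.8.2')` is the only vulnerability signal, yet the description limits the issue to multi-site installations and installations where unfiltered_html has been disabled, and it requires administrator-level access. A match therefore shows that readme.txt advertises an affected `Stable tag`, not that the site is exposed; the tag in readme.txt may also differ from the installed plugin version. I would say so next to the matcher, for example `# version-only check from readme.txt; does not verify multi-site or unfiltered_html state`, so triage does not read a hit as confirmed. The CVE-2024-47381 template earlier in this patch has the same precondition in its description and the same version-only matcher.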
@@ -0,0 +1,59 @@ +id: CVE-2024-47388 + +info: + name: > + SliceWP <= 1.1.18 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The SliceWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b33fd509-1cc3-48de-bd4a-7c9749da1cf8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47388 + metadata: + fofa-query: "wp-content/plugins/slicewp/" + google-query: inurl:"/wp-content/plugins/slicewp/" + shodan-query: 'vuln:CVE-2024-47388' + tags: cve,wordpress,wp-plugin,slicewp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slicewp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slicewp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47389.yaml b/poc/cve/CVE-2024-47389.yaml new file mode 100644 index 0000000000..1f0a8e6b86 --- /dev/null +++ b/poc/cve/CVE-2024-47389.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47389 + +info: + name: > + NEX-Forms – Ultimate Form Builder <= 8.7.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75f98731-f5a1-46aa-bf00-3b119a3b917e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47389 + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:CVE-2024-47389' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.7.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47390.yaml b/poc/cve/CVE-2024-47390.yaml new file mode 100644 index 0000000000..ce7e155365 --- /dev/null +++ b/poc/cve/CVE-2024-47390.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47390 + +info: + name: > + Jeg Elementor Kit <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b624e9b-d21e-43d2-83ad-7760ed63a75c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47390 + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:CVE-2024-47390' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47391.yaml b/poc/cve/CVE-2024-47391.yaml new file mode 100644 index 0000000000..d42b13ae7e --- /dev/null +++ b/poc/cve/CVE-2024-47391.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47391 + +info: + name: > + Bold Page Builder <= 5.1.- - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 5.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60564e6b-9eea-4bba-b9b9-391a0f37cc95?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47391 + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:CVE-2024-47391' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47392.yaml b/poc/cve/CVE-2024-47392.yaml new file mode 100644 index 0000000000..4f8abea484 --- /dev/null +++ b/poc/cve/CVE-2024-47392.yaml 
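Review bot: The `name` value reads `Bold Page Builder <= 5.1.- - Authenticated (Contributor+) Stored Cross-Site Scripting`, where `5.1.-` is not a version. Both the description and the matcher `compare_versions(version, '<= 5.1.0')` use 5.1.0, so reports keyed on the template name will show a bound that does not match what is actually checked. The line should read `Bold Page Builder <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting`. If the name comes straight from the upstream feed, the generator would need a sanity check on the version token.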
@@ -0,0 +1,59 @@ +id: CVE-2024-47392 + +info: + name: > + Element Pack Elementor Addons <= 5.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Element Pack Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dde2edc7-74dd-4763-b83b-97cfeb2b764c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47392 + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:CVE-2024-47392' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.5') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47393.yaml b/poc/cve/CVE-2024-47393.yaml new file mode 100644 index 0000000000..09c159e8e3 --- /dev/null +++ b/poc/cve/CVE-2024-47393.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47393 + +info: + name: > + Quill Forms <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Quill Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/605b49a9-caa2-4bcd-8849-eb777b03ab01?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47393 + metadata: + fofa-query: "wp-content/plugins/quillforms/" + google-query: inurl:"/wp-content/plugins/quillforms/" + shodan-query: 'vuln:CVE-2024-47393' + tags: cve,wordpress,wp-plugin,quillforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quillforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quillforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47394.yaml b/poc/cve/CVE-2024-47394.yaml new file mode 100644 index 0000000000..28d93ebfce --- /dev/null +++ b/poc/cve/CVE-2024-47394.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47394 + +info: + name: > + JobSearch <= 2.5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The JobSearch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aae6058c-1a0c-48dd-9aca-9a44f06d27e5?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47394 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-47394' + tags: cve,wordpress,wp-plugin,wp-jobsearch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47395.yaml b/poc/cve/CVE-2024-47395.yaml new file mode 100644 index 0000000000..b945758926 --- /dev/null +++ b/poc/cve/CVE-2024-47395.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47395 + +info: + name: > + Robokassa payment gateway for Woocommerce <= 1.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Robokassa payment gateway for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4186a609-84f1-4852-8ed9-e8ba6263b635?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47395 + metadata: + fofa-query: "wp-content/plugins/robokassa/" + google-query: inurl:"/wp-content/plugins/robokassa/" + shodan-query: 'vuln:CVE-2024-47395' + tags: cve,wordpress,wp-plugin,robokassa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robokassa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robokassa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47621.yaml b/poc/cve/CVE-2024-47621.yaml new file mode 100644 index 0000000000..6e44e0652a --- /dev/null +++ b/poc/cve/CVE-2024-47621.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47621 + +info: + name: > + Zotpress <= 7.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.3.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/deac4e1d-edeb-4d66-a152-6dca84e60b68?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47621 + metadata: + fofa-query: "wp-content/plugins/zotpress/" + google-query: inurl:"/wp-content/plugins/zotpress/" + shodan-query: 'vuln:CVE-2024-47621' + tags: cve,wordpress,wp-plugin,zotpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.10') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47622.yaml b/poc/cve/CVE-2024-47622.yaml new file mode 100644 index 0000000000..60a9d5210e --- /dev/null +++ b/poc/cve/CVE-2024-47622.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47622 + +info: + name: > + Advanced Woo Labels <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Advanced Woo Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bfde95b-70bf-4445-a8b0-53dbdc5d2334?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47622 + metadata: + fofa-query: "wp-content/plugins/advanced-woo-labels/" + google-query: inurl:"/wp-content/plugins/advanced-woo-labels/" + shodan-query: 'vuln:CVE-2024-47622' + tags: cve,wordpress,wp-plugin,advanced-woo-labels,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-woo-labels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-woo-labels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.01') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47623.yaml b/poc/cve/CVE-2024-47623.yaml new file mode 100644 index 0000000000..6579d5a92c --- /dev/null +++ b/poc/cve/CVE-2024-47623.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47623 + +info: + name: > + Gallery Lightbox <= 1.0.0.39 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Gallery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a9fb50-8ab1-43e3-b618-d92fa50b3e07?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-47623 + metadata: + fofa-query: "wp-content/plugins/gallery-lightbox-slider/" + google-query: inurl:"/wp-content/plugins/gallery-lightbox-slider/" + shodan-query: 'vuln:CVE-2024-47623' + tags: cve,wordpress,wp-plugin,gallery-lightbox-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-lightbox-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-lightbox-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0.39') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47624.yaml b/poc/cve/CVE-2024-47624.yaml new file mode 100644 index 0000000000..21cbe35749 --- /dev/null +++ b/poc/cve/CVE-2024-47624.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-47624 + +info: + name: > + BSK Forms Blacklist <= 3.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The BSK Forms Blacklist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4ce8ce-2630-4f8b-9438-38c6b7b0caa9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-47624 + metadata: + fofa-query: "wp-content/plugins/bsk-gravityforms-blacklist/" + google-query: inurl:"/wp-content/plugins/bsk-gravityforms-blacklist/" + shodan-query: 'vuln:CVE-2024-47624' + tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-gravityforms-blacklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-gravityforms-blacklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/poc/cve/CVE-2024-47625.yaml b/poc/cve/CVE-2024-47625.yaml new file mode 100644 index 0000000000..61d8f9f5a1 --- /dev/null +++ b/poc/cve/CVE-2024-47625.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-47625
+
+info:
+ name: >
+ Enter Addons <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Enter Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1cec715-d19b-48b4-a924-5fb3f9a269ee?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47625
+ metadata:
+ fofa-query: "wp-content/plugins/enteraddons/"
+ google-query: inurl:"/wp-content/plugins/enteraddons/"
+ shodan-query: 'vuln:CVE-2024-47625'
+ tags: cve,wordpress,wp-plugin,enteraddons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/enteraddons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "enteraddons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47626.yaml b/poc/cve/CVE-2024-47626.yaml
new file mode 100644
index 0000000000..a606194e40
--- /dev/null
+++ b/poc/cve/CVE-2024-47626.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47626
+
+info:
+ name: >
+ RomethemeKit For Elementor <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The RomethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c14e6411-20de-4cfe-96b5-20e71718610e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47626
+ metadata:
+ fofa-query: "wp-content/plugins/rometheme-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/rometheme-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-47626'
+ tags: cve,wordpress,wp-plugin,rometheme-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rometheme-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rometheme-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47627.yaml b/poc/cve/CVE-2024-47627.yaml
new file mode 100644
index 0000000000..54bc943314
--- /dev/null
+++ b/poc/cve/CVE-2024-47627.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47627
+
+info:
+ name: >
+ WP Travel Gutenberg Blocks <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Travel Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/87e74f4f-8426-4550-8c4d-eb776f023d09?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47627
+ metadata:
+ fofa-query: "wp-content/plugins/wp-travel-blocks/"
+ google-query: inurl:"/wp-content/plugins/wp-travel-blocks/"
+ shodan-query: 'vuln:CVE-2024-47627'
+ tags: cve,wordpress,wp-plugin,wp-travel-blocks,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-travel-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-travel-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47628.yaml b/poc/cve/CVE-2024-47628.yaml
new file mode 100644
index 0000000000..e01906c8ab
--- /dev/null
+++ b/poc/cve/CVE-2024-47628.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47628
+
+info:
+ name: >
+ LA-Studio Element Kit for Elementor <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7967b44-a3a1-48e5-a873-527348e2a88a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47628
+ metadata:
+ fofa-query: "wp-content/plugins/lastudio-element-kit/"
+ google-query: inurl:"/wp-content/plugins/lastudio-element-kit/"
+ shodan-query: 'vuln:CVE-2024-47628'
+ tags: cve,wordpress,wp-plugin,lastudio-element-kit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lastudio-element-kit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lastudio-element-kit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.9.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47629.yaml b/poc/cve/CVE-2024-47629.yaml
new file mode 100644
index 0000000000..1ad60f1c62
--- /dev/null
+++ b/poc/cve/CVE-2024-47629.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47629
+
+info:
+ name: >
+ Ultimate Store Kit Elementor Addons <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7891b657-a6bc-40e8-bf43-02b4c05d63a9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47629
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-store-kit/"
+ google-query: inurl:"/wp-content/plugins/ultimate-store-kit/"
+ shodan-query: 'vuln:CVE-2024-47629'
+ tags: cve,wordpress,wp-plugin,ultimate-store-kit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-store-kit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-store-kit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47630.yaml b/poc/cve/CVE-2024-47630.yaml
new file mode 100644
index 0000000000..5f2b3913a1
--- /dev/null
+++ b/poc/cve/CVE-2024-47630.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47630
+
+info:
+ name: >
+ ElementInvader Addons for Elementor <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2acd36d-013b-4833-95ea-27d6b6db64a0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47630
+ metadata:
+ fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-47630'
+ tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/elementinvader-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "elementinvader-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.7')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47631.yaml b/poc/cve/CVE-2024-47631.yaml
new file mode 100644
index 0000000000..012a166fe6
--- /dev/null
+++ b/poc/cve/CVE-2024-47631.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47631
+
+info:
+ name: >
+ Logo Carousel – Clients logo carousel for WP <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Logo Carousel – Clients logo carousel for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e694ef1a-3e81-4995-a96b-2417cb308ce6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47631
+ metadata:
+ fofa-query: "wp-content/plugins/responsive-client-logo-carousel-slider/"
+ google-query: inurl:"/wp-content/plugins/responsive-client-logo-carousel-slider/"
+ shodan-query: 'vuln:CVE-2024-47631'
+ tags: cve,wordpress,wp-plugin,responsive-client-logo-carousel-slider,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/responsive-client-logo-carousel-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "responsive-client-logo-carousel-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47632.yaml b/poc/cve/CVE-2024-47632.yaml
new file mode 100644
index 0000000000..0f8354c037
--- /dev/null
+++ b/poc/cve/CVE-2024-47632.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47632
+
+info:
+ name: >
+ DethemeKit For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f0294c2-40ac-48aa-8377-e724e9cfc6c9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47632
+ metadata:
+ fofa-query: "wp-content/plugins/dethemekit-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/dethemekit-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-47632'
+ tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dethemekit-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dethemekit-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.7')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47633.yaml b/poc/cve/CVE-2024-47633.yaml
new file mode 100644
index 0000000000..b922a5863d
--- /dev/null
+++ b/poc/cve/CVE-2024-47633.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47633
+
+info:
+ name: >
+ Zoho Forms <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8603d4cd-5e01-4a68-b127-8c99609e0413?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47633
+ metadata:
+ fofa-query: "wp-content/plugins/zoho-forms/"
+ google-query: inurl:"/wp-content/plugins/zoho-forms/"
+ shodan-query: 'vuln:CVE-2024-47633'
+ tags: cve,wordpress,wp-plugin,zoho-forms,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/zoho-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zoho-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47634.yaml b/poc/cve/CVE-2024-47634.yaml
new file mode 100644
index 0000000000..65daf3a404
--- /dev/null
+++ b/poc/cve/CVE-2024-47634.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47634
+
+info:
+ name: >
+ CartBounty – Save and recover abandoned carts for WooCommerce <= 8.2 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The CartBounty – Save and recover abandoned carts for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete carts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1666170c-6489-4fbb-8356-f1a7790d74d6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-47634
+ metadata:
+ fofa-query: "wp-content/plugins/woo-save-abandoned-carts/"
+ google-query: inurl:"/wp-content/plugins/woo-save-abandoned-carts/"
+ shodan-query: 'vuln:CVE-2024-47634'
+ tags: cve,wordpress,wp-plugin,woo-save-abandoned-carts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-save-abandoned-carts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-save-abandoned-carts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 8.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47635.yaml b/poc/cve/CVE-2024-47635.yaml
new file mode 100644
index 0000000000..fc6057cce7
--- /dev/null
+++ b/poc/cve/CVE-2024-47635.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47635
+
+info:
+ name: >
+ TinyPNG <= 3.4.3 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The TinyPNG plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the update_api_key() function and other functions. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e44d85d-6bde-4194-8f33-5db6dacf544c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-47635
+ metadata:
+ fofa-query: "wp-content/plugins/tiny-compress-images/"
+ google-query: inurl:"/wp-content/plugins/tiny-compress-images/"
+ shodan-query: 'vuln:CVE-2024-47635'
+ tags: cve,wordpress,wp-plugin,tiny-compress-images,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tiny-compress-images/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tiny-compress-images"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47636.yaml b/poc/cve/CVE-2024-47636.yaml
new file mode 100644
index 0000000000..16fe1ab379
--- /dev/null
+++ b/poc/cve/CVE-2024-47636.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47636
+
+info:
+ name: >
+ JobSearch <= 2.5.9 - Unauthenticated PHP Object Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The JobSearch WP Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.9 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b550a140-0bdc-4840-806a-3eaceee7e42f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-47636
+ metadata:
+ fofa-query: "wp-content/plugins/wp-jobsearch/"
+ google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
+ shodan-query: 'vuln:CVE-2024-47636'
+ tags: cve,wordpress,wp-plugin,wp-jobsearch,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-jobsearch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47637.yaml b/poc/cve/CVE-2024-47637.yaml
new file mode 100644
index 0000000000..7e7822765c
--- /dev/null
+++ b/poc/cve/CVE-2024-47637.yaml
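Review bot: CVE-2024-47636.yaml reports `severity: critical` from a passive version check, and the template does not say so. The only request fetches `readme.txt`, and the match depends on the `Stable tag` value satisfying `compare_versions(version, '<= 2.5.9')`; nothing here touches the deserialization path the description refers to. A hit therefore means "the readme advertises an affected version". A stale readme produces a false positive, and a blocked readme, or a `Stable tag: trunk` that `([0-9.]+)` cannot capture, produces a silent miss. I would add above `http:` a comment such as `# version fingerprint only: reads the readme.txt "Stable tag"; confirm the installed plugin version before triage`. The other templates in this commit use the same request and matchers, so the caveat applies to them as well.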
@@ -0,0 +1,59 @@
+id: CVE-2024-47637
+
+info:
+ name: >
+ LiteSpeed Cache <= 6.4.1 - Authenticated (Author+) Path Traversal
+ author: topscoder
+ severity: low
+ description: >
+ The LiteSpeed Cache plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.4.1. This makes it possible for authenticated attackers, with author-level access and above, to perform actions on files outside of the originally intended directory.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b49add4-a4ae-4527-95bd-c295200eeedd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-47637
+ metadata:
+ fofa-query: "wp-content/plugins/litespeed-cache/"
+ google-query: inurl:"/wp-content/plugins/litespeed-cache/"
+ shodan-query: 'vuln:CVE-2024-47637'
+ tags: cve,wordpress,wp-plugin,litespeed-cache,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "litespeed-cache"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.4.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47638.yaml b/poc/cve/CVE-2024-47638.yaml
new file mode 100644
index 0000000000..59ee915922
--- /dev/null
+++ b/poc/cve/CVE-2024-47638.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47638
+
+info:
+ name: >
+ Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8f7d1c3-50eb-44ef-a832-a0230ff1406f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47638
+ metadata:
+ fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
+ google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
+ shodan-query: 'vuln:CVE-2024-47638'
+ tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meeting-scheduler-by-vcita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.4.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47639.yaml b/poc/cve/CVE-2024-47639.yaml
new file mode 100644
index 0000000000..c290402465
--- /dev/null
+++ b/poc/cve/CVE-2024-47639.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47639
+
+info:
+ name: >
+ VdoCipher <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The VdoCipher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7fa018-c87f-463b-84a3-bbe71b73d3dd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47639
+ metadata:
+ fofa-query: "wp-content/plugins/vdocipher/"
+ google-query: inurl:"/wp-content/plugins/vdocipher/"
+ shodan-query: 'vuln:CVE-2024-47639'
+ tags: cve,wordpress,wp-plugin,vdocipher,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/vdocipher/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vdocipher"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.29')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47642.yaml b/poc/cve/CVE-2024-47642.yaml
new file mode 100644
index 0000000000..901b67871b
--- /dev/null
+++ b/poc/cve/CVE-2024-47642.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47642
+
+info:
+ name: >
+ Keap Official Opt-in Forms <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6cee2c1-cdfb-419a-8900-bc9d921d610e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47642
+ metadata:
+ fofa-query: "wp-content/plugins/infusionsoft-official-opt-in-forms/"
+ google-query: inurl:"/wp-content/plugins/infusionsoft-official-opt-in-forms/"
+ shodan-query: 'vuln:CVE-2024-47642'
+ tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/infusionsoft-official-opt-in-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "infusionsoft-official-opt-in-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47643.yaml b/poc/cve/CVE-2024-47643.yaml
new file mode 100644
index 0000000000..3db4639f86
--- /dev/null
+++ b/poc/cve/CVE-2024-47643.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47643
+
+info:
+ name: >
+ Include Fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Include Fussball.de Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/27a48196-60c5-45c4-8d60-c563183fab66?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47643
+ metadata:
+ fofa-query: "wp-content/plugins/include-fussball-de-widgets/"
+ google-query: inurl:"/wp-content/plugins/include-fussball-de-widgets/"
+ shodan-query: 'vuln:CVE-2024-47643'
+ tags: cve,wordpress,wp-plugin,include-fussball-de-widgets,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/include-fussball-de-widgets/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "include-fussball-de-widgets"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47644.yaml b/poc/cve/CVE-2024-47644.yaml
new file mode 100644
index 0000000000..eeed1a7cd3
--- /dev/null
+++ b/poc/cve/CVE-2024-47644.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47644
+
+info:
+ name: >
+ Copyscape Premium <= 1.3.6 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Copyscape Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9370c320-b3bc-4965-9cc7-b2bf3a24e251?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47644
+ metadata:
+ fofa-query: "wp-content/plugins/copyscape-premium/"
+ google-query: inurl:"/wp-content/plugins/copyscape-premium/"
+ shodan-query: 'vuln:CVE-2024-47644'
+ tags: cve,wordpress,wp-plugin,copyscape-premium,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/copyscape-premium/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "copyscape-premium"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47645.yaml b/poc/cve/CVE-2024-47645.yaml
new file mode 100644
index 0000000000..398108346f
--- /dev/null
+++ b/poc/cve/CVE-2024-47645.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47645
+
+info:
+ name: >
+ Top Bar – PopUps – by WPOptin <= 2.0.1 - Unauthenticated Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+ The Top Bar – PopUps – by WPOptin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/464e64f8-de64-4a49-afd3-43142793c24d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2024-47645
+ metadata:
+ fofa-query: "wp-content/plugins/wpoptin/"
+ google-query: inurl:"/wp-content/plugins/wpoptin/"
+ shodan-query: 'vuln:CVE-2024-47645'
+ tags: cve,wordpress,wp-plugin,wpoptin,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wpoptin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wpoptin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47646.yaml b/poc/cve/CVE-2024-47646.yaml
new file mode 100644
index 0000000000..b5cc28aa3d
--- /dev/null
+++ b/poc/cve/CVE-2024-47646.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47646
+
+info:
+ name: >
+ Payflex Payment Gateway <= 2.6.1 - Open Redirect
+ author: topscoder
+ severity: medium
+ description: >
+ The Payflex Payment Gateway plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.6.1. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fe91c7e-e4d4-4308-a8ca-22d7985ddb61?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47646
+ metadata:
+ fofa-query: "wp-content/plugins/payflex-payment-gateway/"
+ google-query: inurl:"/wp-content/plugins/payflex-payment-gateway/"
+ shodan-query: 'vuln:CVE-2024-47646'
+ tags: cve,wordpress,wp-plugin,payflex-payment-gateway,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/payflex-payment-gateway/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "payflex-payment-gateway"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47647.yaml b/poc/cve/CVE-2024-47647.yaml
new file mode 100644
index 0000000000..413530d52a
--- /dev/null
+++ b/poc/cve/CVE-2024-47647.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47647
+
+info:
+ name: >
+ Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin <= 1.27 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The FAQ / Accordion / Docs – Helpie WordPress FAQ Accordion plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.27 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/66293047-1d1d-434f-bde6-130197fa93ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-47647
+ metadata:
+ fofa-query: "wp-content/plugins/helpie-faq/"
+ google-query: inurl:"/wp-content/plugins/helpie-faq/"
+ shodan-query: 'vuln:CVE-2024-47647'
+ tags: cve,wordpress,wp-plugin,helpie-faq,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/helpie-faq/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "helpie-faq"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.27')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47648.yaml b/poc/cve/CVE-2024-47648.yaml
new file mode 100644
index 0000000000..2aa2b6edb3
--- /dev/null
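Review bot: The description limits this issue to multi-site installations and installations where `unfiltered_html` has been disabled, but the matchers only check the readme version, so every site reporting `<= 1.27` is flagged whether or not that precondition holds. The template does not test the precondition, so I would record it where triagers see it, e.g. a comment above `matchers:` such as `# Precondition not checked: multisite or unfiltered_html disabled`. The same applies to CVE-2024-7489, CVE-2024-8492, CVE-2024-8493 and CVE-2024-8619 further down this page.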
+++ b/poc/cve/CVE-2024-47648.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47648
+
+info:
+ name: >
+ EventPrime <= 4.0.4.5 - Open Redirect
+ author: topscoder
+ severity: medium
+ description: >
+ The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.4.5. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/35c7c089-6517-419e-8ba3-e6c2692fe1ae?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-47648
+ metadata:
+ fofa-query: "wp-content/plugins/eventprime-event-calendar-management/"
+ google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/"
+ shodan-query: 'vuln:CVE-2024-47648'
+ tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "eventprime-event-calendar-management"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.4.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47649.yaml b/poc/cve/CVE-2024-47649.yaml
new file mode 100644
index 0000000000..7aac15ed22
--- /dev/null
+++ b/poc/cve/CVE-2024-47649.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-47649
+
+info:
+ name: >
+ Iconize <= 1.2.4 - Authenticated (Admin+) Remote Code Execution
+ author: topscoder
+ severity: low
+ description: >
+ The Iconize plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/431bcb93-396f-470b-94c9-66a9a2973552?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2024-47649
+ metadata:
+ fofa-query: "wp-content/plugins/iconize/"
+ google-query: inurl:"/wp-content/plugins/iconize/"
+ shodan-query: 'vuln:CVE-2024-47649'
+ tags: cve,wordpress,wp-plugin,iconize,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/iconize/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "iconize"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-47650.yaml b/poc/cve/CVE-2024-47650.yaml
new file mode 100644
index 0000000000..0eeae83782
--- /dev/null
+++ b/poc/cve/CVE-2024-47650.yaml
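Review bot: `severity: low` (and the `low` entry in `tags`) sits next to `cvss-score: 7.2` and a description of remote code execution, so a scan filtered to high and critical findings would skip this template. If the generator lowers severity because administrator access is required, that rule is not visible here and deserves a comment; otherwise `severity: high` matches the score in the same hunk. The same gap shows in CVE-2024-8757 (`low`, 7.2), in CVE-2024-47642, CVE-2024-47643, CVE-2024-47650 and CVE-2024-7514 (`low`, 6.4 to 6.5), and in the other direction in CVE-2024-47645 (`critical`, 8.1).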
@@ -0,0 +1,59 @@
+id: CVE-2024-47650
+
+info:
+ name: >
+ WP-WebAuthn <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bffed25-d7f0-40de-a55d-42653aff0673?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-47650
+ metadata:
+ fofa-query: "wp-content/plugins/wp-webauthn/"
+ google-query: inurl:"/wp-content/plugins/wp-webauthn/"
+ shodan-query: 'vuln:CVE-2024-47650'
+ tags: cve,wordpress,wp-plugin,wp-webauthn,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-webauthn/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-webauthn"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-7489-aa8f1735fc553f9668252fa41454f24d.yaml b/poc/cve/CVE-2024-7489-aa8f1735fc553f9668252fa41454f24d.yaml
new file mode 100644
index 0000000000..e28d07e66f
--- /dev/null
+++ b/poc/cve/CVE-2024-7489-aa8f1735fc553f9668252fa41454f24d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7489-aa8f1735fc553f9668252fa41454f24d
+
+info:
+ name: >
+ Forms for Mailchimp by Optin Cat <= 2.5.6 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters
+ author: topscoder
+ severity: low
+ description: >
+ The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/52f9db86-7fed-4b32-8384-3ceb300f9249?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-7489
+ metadata:
+ fofa-query: "wp-content/plugins/mailchimp-wp/"
+ google-query: inurl:"/wp-content/plugins/mailchimp-wp/"
+ shodan-query: 'vuln:CVE-2024-7489'
+ tags: cve,wordpress,wp-plugin,mailchimp-wp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mailchimp-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mailchimp-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-7514.yaml b/poc/cve/CVE-2024-7514.yaml
new file mode 100644
index 0000000000..71a905ea3c
--- /dev/null
+++ b/poc/cve/CVE-2024-7514.yaml
@@ -0,0 +1,60 @@
+id: CVE-2024-7514
+
+info:
+ name: >
+ WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress Comments Import & Export plugin for WordPress is vulnerable to to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
+ The issue was partially fixed in version 2.3.8 and fully fixed in 2.3.9
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/30a79974-ee61-4764-8864-89659b1848a4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-7514
+ metadata:
+ fofa-query: "wp-content/plugins/comments-import-export-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/comments-import-export-woocommerce/"
+ shodan-query: 'vuln:CVE-2024-7514'
+ tags: cve,wordpress,wp-plugin,comments-import-export-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/comments-import-export-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "comments-import-export-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.7')
\ No newline at end of file
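Review bot: The matcher `compare_versions(version, '<= 2.3.7')` stops one release short of what the description in the same hunk states, namely that the issue was only partially fixed in 2.3.8 and fully fixed in 2.3.9. A site on 2.3.8 is therefore not reported. If the partial fix leaves the file read reachable, which the page does not say, the bound should be `compare_versions(version, '< 2.3.9')`; either way a comment recording why 2.3.8 is excluded would help whoever triages the results.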
diff --git a/poc/cve/CVE-2024-8492-94675fec1abc838fe0b6b303f8fc36d8.yaml b/poc/cve/CVE-2024-8492-94675fec1abc838fe0b6b303f8fc36d8.yaml
new file mode 100644
index 0000000000..de1e1e16da
--- /dev/null
+++ b/poc/cve/CVE-2024-8492-94675fec1abc838fe0b6b303f8fc36d8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8492-94675fec1abc838fe0b6b303f8fc36d8
+
+info:
+ name: >
+ Hustle <= 7.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 7.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7023a3e-35ba-4d52-8092-ae40b53d5efa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-8492
+ metadata:
+ fofa-query: "wp-content/plugins/wordpress-popup/"
+ google-query: inurl:"/wp-content/plugins/wordpress-popup/"
+ shodan-query: 'vuln:CVE-2024-8492'
+ tags: cve,wordpress,wp-plugin,wordpress-popup,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wordpress-popup/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wordpress-popup"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.8.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8493-187c32b4472ed4bbe2ad3f6482869576.yaml b/poc/cve/CVE-2024-8493-187c32b4472ed4bbe2ad3f6482869576.yaml
new file mode 100644
index 0000000000..237fec9fd6
--- /dev/null
+++ b/poc/cve/CVE-2024-8493-187c32b4472ed4bbe2ad3f6482869576.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8493-187c32b4472ed4bbe2ad3f6482869576
+
+info:
+ name: >
+ The Events Calendar <= 6.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6df29b14-0c9d-4ecf-96be-8c39c93121e2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-8493
+ metadata:
+ fofa-query: "wp-content/plugins/the-events-calendar/"
+ google-query: inurl:"/wp-content/plugins/the-events-calendar/"
+ shodan-query: 'vuln:CVE-2024-8493'
+ tags: cve,wordpress,wp-plugin,the-events-calendar,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "the-events-calendar"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.6.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98.yaml b/poc/cve/CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98.yaml
new file mode 100644
index 0000000000..932919e92a
--- /dev/null
+++ b/poc/cve/CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98
+
+info:
+ name: >
+ Ajax Search Lite <= 4.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Ajax Search Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1cc3dbe-26e3-478f-9574-f57ffa0f50c3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-8619
+ metadata:
+ fofa-query: "wp-content/plugins/ajax-search-lite/"
+ google-query: inurl:"/wp-content/plugins/ajax-search-lite/"
+ shodan-query: 'vuln:CVE-2024-8619'
+ tags: cve,wordpress,wp-plugin,ajax-search-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ajax-search-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ajax-search-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.12.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8757-234bd8d60a5f32f1b24409ba56f236a6.yaml b/poc/cve/CVE-2024-8757-234bd8d60a5f32f1b24409ba56f236a6.yaml
new file mode 100644
index 0000000000..3d5460bdd9
--- /dev/null
+++ b/poc/cve/CVE-2024-8757-234bd8d60a5f32f1b24409ba56f236a6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8757-234bd8d60a5f32f1b24409ba56f236a6
+
+info:
+ name: >
+ Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is vulnerable to time-based SQL Injection via the linked_user_id parameter in all versions up to, and including, 3.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2024-8757
+ metadata:
+ fofa-query: "wp-content/plugins/wp-post-author/"
+ google-query: inurl:"/wp-content/plugins/wp-post-author/"
+ shodan-query: 'vuln:CVE-2024-8757'
+ tags: cve,wordpress,wp-plugin,wp-post-author,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-post-author/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-post-author"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8760-97bda91e9d60d0f1065494ed99fe53b7.yaml b/poc/cve/CVE-2024-8760-97bda91e9d60d0f1065494ed99fe53b7.yaml
new file mode 100644
index 0000000000..f2d94da846
--- /dev/null
+++ b/poc/cve/CVE-2024-8760-97bda91e9d60d0f1065494ed99fe53b7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8760-97bda91e9d60d0f1065494ed99fe53b7
+
+info:
+ name: >
+ Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection
+ author: topscoder
+ severity: medium
+ description: >
+ The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to CSS Injection in all versions up to, and including, 3.13.6. This makes it possible for unauthenticated attackers to embed untrusted style information into comments resulting in a possibility of data exfiltration such as admin nonces with limited impact. These nonces could be used to perform CSRF attacks within a limited time window. The presence of other plugins may make additional nonces available, which may pose a risk in plugins that don't perform capability checks to protect AJAX actions or other actions reachable by lower-privileged users.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-8760
+ metadata:
+ fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/"
+ google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/"
+ shodan-query: 'vuln:CVE-2024-8760'
+ tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/stackable-ultimate-gutenberg-blocks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "stackable-ultimate-gutenberg-blocks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.13.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd.yaml b/poc/cve/CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd.yaml
new file mode 100644
index 0000000000..e910577536
--- /dev/null
+++ b/poc/cve/CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8902-973a09e850f27d16cf400f1ff83278bd
+
+info:
+ name: >
+ Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections
+ author: topscoder
+ severity: low
+ description: >
+ The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/widgets/data-table.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-8902
+ metadata:
+ fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/"
+ google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/"
+ shodan-query: 'vuln:CVE-2024-8902'
+ tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "addon-elements-for-elementor-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8913.yaml b/poc/cve/CVE-2024-8913.yaml
new file mode 100644
index 0000000000..a44e0fe67a
--- /dev/null
+++ b/poc/cve/CVE-2024-8913.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8913
+
+info:
+ name: >
+ The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template
+ author: topscoder
+ severity: low
+ description: >
+ The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function in modules/widgets/tp_accordion.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/46126f88-416a-4430-8596-12f72cd2c1e7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-8913
+ metadata:
+ fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
+ google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/"
+ shodan-query: 'vuln:CVE-2024-8913'
+ tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "the-plus-addons-for-elementor-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.6.11')
\ No newline at end of file
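Review bot: `severity: low` does not agree with `cvss-score: 4.3` in the `classification` block of the same template, since CVSS v3.1 puts 4.0–6.9 in the medium band; `severity: medium` and the matching last entry in `tags` would keep severity-based filtering in line with the score. The same mismatch is in CVE-2024-8902, CVE-2024-9187 and CVE-2024-9538 (4.3), CVE-2024-9507 (4.9), CVE-2024-9587 (5.4), and CVE-2024-8915, CVE-2024-9051 and CVE-2024-9543 (6.4), while CVE-2024-9586 is labelled `high` at 6.5. The labels look as if they follow something other than the score (possibly the privileges required), so if that mapping is intentional it should be documented next to `severity`.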
diff --git a/poc/cve/CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd.yaml b/poc/cve/CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd.yaml
new file mode 100644
index 0000000000..3c34589e82
--- /dev/null
+++ b/poc/cve/CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8915-c96fbadd6669597791ff972bbeeaf8cd
+
+info:
+ name: >
+ Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Category Icon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dc4acdc-754f-4ee0-947d-ff0c277e8181?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-8915
+ metadata:
+ fofa-query: "wp-content/plugins/category-icon/"
+ google-query: inurl:"/wp-content/plugins/category-icon/"
+ shodan-query: 'vuln:CVE-2024-8915'
+ tags: cve,wordpress,wp-plugin,category-icon,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/category-icon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "category-icon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9047-4fa9dae40fda722965808b936ffa6acb.yaml b/poc/cve/CVE-2024-9047-4fa9dae40fda722965808b936ffa6acb.yaml
new file mode 100644
index 0000000000..a440dcb4a9
--- /dev/null
+++ b/poc/cve/CVE-2024-9047-4fa9dae40fda722965808b936ffa6acb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9047-4fa9dae40fda722965808b936ffa6acb
+
+info:
+ name: >
+ WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
+ author: topscoder
+ severity: critical
+ description: >
+ The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-9047
+ metadata:
+ fofa-query: "wp-content/plugins/wp-file-upload/"
+ google-query: inurl:"/wp-content/plugins/wp-file-upload/"
+ shodan-query: 'vuln:CVE-2024-9047'
+ tags: cve,wordpress,wp-plugin,wp-file-upload,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-file-upload"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.24.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9051.yaml b/poc/cve/CVE-2024-9051.yaml
new file mode 100644
index 0000000000..d75bd6981c
--- /dev/null
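Review bot: The CVE-2024-9047 template reports `severity: critical` on a readme.txt version match alone, although its own `description` states that exploitation requires PHP 7.4 or earlier, and nothing in the `http` block looks at the PHP runtime. A site on a newer PHP with plugin version <= 4.24.11 would therefore be raised as a critical finding while not meeting the stated precondition. Since the runtime version is not reliably visible from this request, the limitation should at least be recorded in the template, e.g. `# Version indicator only; the advisory also requires PHP <= 7.4, which this template does not check.`, so that whoever triages the result verifies the PHP version before treating it as confirmed.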
+++ b/poc/cve/CVE-2024-9051.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9051
+
+info:
+ name: >
+ WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3154a7a-b8b3-490b-9822-b3a92d1b4fef?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9051
+ metadata:
+ fofa-query: "wp-content/plugins/wp-ultimate-post-grid/"
+ google-query: inurl:"/wp-content/plugins/wp-ultimate-post-grid/"
+ shodan-query: 'vuln:CVE-2024-9051'
+ tags: cve,wordpress,wp-plugin,wp-ultimate-post-grid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-ultimate-post-grid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-ultimate-post-grid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.9.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml b/poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml
new file mode 100644
index 0000000000..6d62df20fe
--- /dev/null
+++ b/poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51
+
+info:
+ name: >
+ Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion
+ author: topscoder
+ severity: low
+ description: >
+ The Read more By Adam plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deleteRm() function in all versions up to, and including, 1.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete read more buttons.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebc8d0d-04b6-49a0-96c1-7c6d930009d8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9187
+ metadata:
+ fofa-query: "wp-content/plugins/read-more/"
+ google-query: inurl:"/wp-content/plugins/read-more/"
+ shodan-query: 'vuln:CVE-2024-9187'
+ tags: cve,wordpress,wp-plugin,read-more,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/read-more/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "read-more"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9211.yaml b/poc/cve/CVE-2024-9211.yaml
new file mode 100644
index 0000000000..4dd0fdc626
--- /dev/null
+++ b/poc/cve/CVE-2024-9211.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9211
+
+info:
+ name: >
+ FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f62a486a-137b-48e5-b276-44438958e811?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9211
+ metadata:
+ fofa-query: "wp-content/plugins/full-customer/"
+ google-query: inurl:"/wp-content/plugins/full-customer/"
+ shodan-query: 'vuln:CVE-2024-9211'
+ tags: cve,wordpress,wp-plugin,full-customer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/full-customer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "full-customer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.22')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9221.yaml b/poc/cve/CVE-2024-9221.yaml
new file mode 100644
index 0000000000..0e1e968d89
--- /dev/null
+++ b/poc/cve/CVE-2024-9221.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9221
+
+info:
+ name: >
+ Tainacan <= 0.21.10 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/85a8a7df-b472-4a81-b808-a413c158c1cf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9221
+ metadata:
+ fofa-query: "wp-content/plugins/tainacan/"
+ google-query: inurl:"/wp-content/plugins/tainacan/"
+ shodan-query: 'vuln:CVE-2024-9221'
+ tags: cve,wordpress,wp-plugin,tainacan,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tainacan/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tainacan"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.21.10')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9232.yaml b/poc/cve/CVE-2024-9232.yaml
new file mode 100644
index 0000000000..f8366449af
--- /dev/null
+++ b/poc/cve/CVE-2024-9232.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9232
+
+info:
+ name: >
+ Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ea04ba-b609-49cd-aae8-68f5b51df154?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9232
+ metadata:
+ fofa-query: "wp-content/plugins/download-plugins-dashboard/"
+ google-query: inurl:"/wp-content/plugins/download-plugins-dashboard/"
+ shodan-query: 'vuln:CVE-2024-9232'
+ tags: cve,wordpress,wp-plugin,download-plugins-dashboard,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/download-plugins-dashboard/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "download-plugins-dashboard"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9234.yaml b/poc/cve/CVE-2024-9234.yaml
new file mode 100644
index 0000000000..24d887ed40
--- /dev/null
+++ b/poc/cve/CVE-2024-9234.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9234
+
+info:
+ name: >
+ GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+ The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins, or utilize the functionality to upload arbitrary files spoofed like plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-9234
+ metadata:
+ fofa-query: "wp-content/plugins/gutenkit-blocks-addon/"
+ google-query: inurl:"/wp-content/plugins/gutenkit-blocks-addon/"
+ shodan-query: 'vuln:CVE-2024-9234'
+ tags: cve,wordpress,wp-plugin,gutenkit-blocks-addon,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gutenkit-blocks-addon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gutenkit-blocks-addon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9346.yaml b/poc/cve/CVE-2024-9346.yaml
new file mode 100644
index 0000000000..a710994430
--- /dev/null
+++ b/poc/cve/CVE-2024-9346.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9346
+
+info:
+ name: >
+ Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/487e5add-726c-4cfc-b86e-bb4eeec168a3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9346
+ metadata:
+ fofa-query: "wp-content/plugins/video-embed-privacy/"
+ google-query: inurl:"/wp-content/plugins/video-embed-privacy/"
+ shodan-query: 'vuln:CVE-2024-9346'
+ tags: cve,wordpress,wp-plugin,video-embed-privacy,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/video-embed-privacy/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "video-embed-privacy"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9436.yaml b/poc/cve/CVE-2024-9436.yaml
new file mode 100644
index 0000000000..0ff119fa40
--- /dev/null
+++ b/poc/cve/CVE-2024-9436.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9436
+
+info:
+ name: >
+ PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.14. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/982bc924-1dcd-47b5-b15a-4ff0ad123ad1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9436
+ metadata:
+ fofa-query: "wp-content/plugins/revisionary/"
+ google-query: inurl:"/wp-content/plugins/revisionary/"
+ shodan-query: 'vuln:CVE-2024-9436'
+ tags: cve,wordpress,wp-plugin,revisionary,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/revisionary/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "revisionary"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.5.14')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9507.yaml b/poc/cve/CVE-2024-9507.yaml
new file mode 100644
index 0000000000..38e705ec77
--- /dev/null
+++ b/poc/cve/CVE-2024-9507.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9507
+
+info:
+ name: >
+ Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read
+ author: topscoder
+ severity: low
+ description: >
+ The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa46842f-ed07-4f72-aedb-aa27baecd79c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2024-9507
+ metadata:
+ fofa-query: "wp-content/plugins/bit-form/"
+ google-query: inurl:"/wp-content/plugins/bit-form/"
+ shodan-query: 'vuln:CVE-2024-9507'
+ tags: cve,wordpress,wp-plugin,bit-form,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bit-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bit-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.15.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9538.yaml b/poc/cve/CVE-2024-9538.yaml
new file mode 100644
index 0000000000..a6cf27010e
--- /dev/null
+++ b/poc/cve/CVE-2024-9538.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9538
+
+info:
+ name: >
+ ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template
+ author: topscoder
+ severity: low
+ description: >
+ The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b36938e-5333-4331-9bb1-34465fe03f2f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9538
+ metadata:
+ fofa-query: "wp-content/plugins/woolentor-addons/"
+ google-query: inurl:"/wp-content/plugins/woolentor-addons/"
+ shodan-query: 'vuln:CVE-2024-9538'
+ tags: cve,wordpress,wp-plugin,woolentor-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woolentor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9543.yaml b/poc/cve/CVE-2024-9543.yaml
new file mode 100644
index 0000000000..888ea1afe1
--- /dev/null
+++ b/poc/cve/CVE-2024-9543.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9543
+
+info:
+ name: >
+ Powerpress <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via skipto Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b33c180-10b4-4550-8c24-72c9e53664a5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9543
+ metadata:
+ fofa-query: "wp-content/plugins/powerpress/"
+ google-query: inurl:"/wp-content/plugins/powerpress/"
+ shodan-query: 'vuln:CVE-2024-9543'
+ tags: cve,wordpress,wp-plugin,powerpress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "powerpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 11.9.18')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9586.yaml b/poc/cve/CVE-2024-9586.yaml
new file mode 100644
index 0000000000..ee4b3549da
--- /dev/null
+++ b/poc/cve/CVE-2024-9586.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9586
+
+info:
+ name: >
+ Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update
+ author: topscoder
+ severity: high
+ description: >
+ The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b4ca5b-c806-4b68-acb8-6b63d6ca5728?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
+ cvss-score: 6.5
+ cve-id: CVE-2024-9586
+ metadata:
+ fofa-query: "wp-content/plugins/linkz-ai/"
+ google-query: inurl:"/wp-content/plugins/linkz-ai/"
+ shodan-query: 'vuln:CVE-2024-9586'
+ tags: cve,wordpress,wp-plugin,linkz-ai,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/linkz-ai/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "linkz-ai"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9587.yaml b/poc/cve/CVE-2024-9587.yaml
new file mode 100644
index 0000000000..6ab91a0c99
--- /dev/null
+++ b/poc/cve/CVE-2024-9587.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9587
+
+info:
+ name: >
+ Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX
+ author: topscoder
+ severity: low
+ description: >
+ The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plugin settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1faa178-e4b1-4d2e-85f1-b852fbf3ab17?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
+ cvss-score: 5.4
+ cve-id: CVE-2024-9587
+ metadata:
+ fofa-query: "wp-content/plugins/linkz-ai/"
+ google-query: inurl:"/wp-content/plugins/linkz-ai/"
+ shodan-query: 'vuln:CVE-2024-9587'
+ tags: cve,wordpress,wp-plugin,linkz-ai,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/linkz-ai/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "linkz-ai"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml b/poc/cve/CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml
new file mode 100644
index 0000000000..bbd173142d
--- /dev/null
+++ b/poc/cve/CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml
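Review bot: In the CVE-2024-9587 template, `name` says the flaw needs Subscriber+ access while `description` says "contributor-level privileges or above", so the template gives two different answers about who can reach `ajax_linkz`. One of the two should be corrected against the linked Wordfence advisory before the finding is used for triage; `cvss-metrics` only records PR:L, which does not settle it. This template also sends the same readme.txt request and the same `compare_versions(version, '<= 1.1.8')` test as CVE-2024-9586 just before it, so one installed copy of linkz-ai produces two findings that differ only in metadata.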
@@ -0,0 +1,59 @@
+id: CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3
+
+info:
+ name: >
+ Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options
+ author: topscoder
+ severity: medium
+ description: >
+ The Easy PayPal Gift Certificate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the 'wpppgc_plugin_options' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/72880e44-b0e0-47f4-82f0-c36c81091ba8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9592
+ metadata:
+ fofa-query: "wp-content/plugins/paypal-gift-certificate/"
+ google-query: inurl:"/wp-content/plugins/paypal-gift-certificate/"
+ shodan-query: 'vuln:CVE-2024-9592'
+ tags: cve,wordpress,wp-plugin,paypal-gift-certificate,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/paypal-gift-certificate/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "paypal-gift-certificate"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.3')
\ No newline at end of file
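Review bot: Nothing in `info` records that a hit from the CVE-2024-9592 template is a version fingerprint and not a confirmation: the `http` block only reads readme.txt and compares `Stable tag` with 1.2.3, and never touches `wpppgc_plugin_options`. The miss side is undocumented too, since the regex `([0-9.]+)` extracts nothing when the readme is blocked or the tag is not numeric, and the `dsl` matcher then presumably evaluates false on a vulnerable install. I would add a comment above `http:` such as `# Version fingerprint only (readme.txt Stable tag): confirm a hit manually; a miss does not prove the plugin is absent or patched.` The same applies to every other template added in this patch, which all share this request and matcher set.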
diff --git a/poc/cve/CVE-2024-9595-0c12058c023c26b1446aa326839994fd.yaml b/poc/cve/CVE-2024-9595-0c12058c023c26b1446aa326839994fd.yaml
new file mode 100644
index 0000000000..b733e4d092
--- /dev/null
+++ b/poc/cve/CVE-2024-9595-0c12058c023c26b1446aa326839994fd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9595-0c12058c023c26b1446aa326839994fd
+
+info:
+ name: >
+ TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9595
+ metadata:
+ fofa-query: "wp-content/plugins/tablepress/"
+ google-query: inurl:"/wp-content/plugins/tablepress/"
+ shodan-query: 'vuln:CVE-2024-9595'
+ tags: cve,wordpress,wp-plugin,tablepress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tablepress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tablepress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9610.yaml b/poc/cve/CVE-2024-9610.yaml
new file mode 100644
index 0000000000..be3f48b53f
--- /dev/null
+++ b/poc/cve/CVE-2024-9610.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9610
+
+info:
+ name: >
+ Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f117fffb-2bbb-4e95-b589-909972db1e5e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9610
+ metadata:
+ fofa-query: "wp-content/plugins/language-switcher/"
+ google-query: inurl:"/wp-content/plugins/language-switcher/"
+ shodan-query: 'vuln:CVE-2024-9610'
+ tags: cve,wordpress,wp-plugin,language-switcher,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/language-switcher/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "language-switcher"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.7.13')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9611.yaml b/poc/cve/CVE-2024-9611.yaml
new file mode 100644
index 0000000000..05c8493291
--- /dev/null
+++ b/poc/cve/CVE-2024-9611.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9611
+
+info:
+ name: >
+ Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c432dbe-8542-41de-966a-b2699d1685ce?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9611
+ metadata:
+ fofa-query: "wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit/"
+ google-query: inurl:"/wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit/"
+ shodan-query: 'vuln:CVE-2024-9611'
+ tags: cve,wordpress,wp-plugin,increase-upload-file-size-maximum-execution-time-limit,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "increase-upload-file-size-maximum-execution-time-limit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
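Review bot: The `word` matcher in the CVE-2024-9611 template requires the literal slug `increase-upload-file-size-maximum-execution-time-limit` in the readme body, but nothing in the readme.txt format obliges a plugin to print its own slug there. If this plugin's readme does not contain it, `matchers-condition: and` can never be satisfied and a vulnerable 2.0 install goes unreported. I have not checked the actual readme, so treat this as something to verify. The request path already pins the plugin, so a steadier anchor is the header the extractor depends on anyway, `- "Stable tag:"`. The other templates in this patch use the same slug-as-word pattern.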
diff --git a/poc/cve/CVE-2024-9616.yaml b/poc/cve/CVE-2024-9616.yaml
new file mode 100644
index 0000000000..b7ca035278
--- /dev/null
+++ b/poc/cve/CVE-2024-9616.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9616
+
+info:
+ name: >
+ BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/584d4517-1152-42fa-9ea9-a9e9ed8996fa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9616
+ metadata:
+ fofa-query: "wp-content/plugins/blockmeister/"
+ google-query: inurl:"/wp-content/plugins/blockmeister/"
+ shodan-query: 'vuln:CVE-2024-9616'
+ tags: cve,wordpress,wp-plugin,blockmeister,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/blockmeister/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blockmeister"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.10')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd.yaml b/poc/cve/CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd.yaml
new file mode 100644
index 0000000000..3694fb29dc
--- /dev/null
+++ b/poc/cve/CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd
+
+info:
+ name: >
+ Mynx Page Builder <= 0.27.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Mynx Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a25208-81fe-4337-a344-1c129bd80862?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9656
+ metadata:
+ fofa-query: "wp-content/plugins/mynx-page-builder/"
+ google-query: inurl:"/wp-content/plugins/mynx-page-builder/"
+ shodan-query: 'vuln:CVE-2024-9656'
+ tags: cve,wordpress,wp-plugin,mynx-page-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mynx-page-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mynx-page-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.27.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml b/poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml
new file mode 100644
index 0000000000..1a94bee821
--- /dev/null
+++ b/poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829
+
+info:
+ name: >
+ 2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter
+ author: topscoder
+ severity: medium
+ description: >
+ The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dad1be5-ea6c-40fa-bb21-862e7fd8804a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-9670
+ metadata:
+ fofa-query: "wp-content/plugins/2d-tag-cloud-widget-by-sujin/"
+ google-query: inurl:"/wp-content/plugins/2d-tag-cloud-widget-by-sujin/"
+ shodan-query: 'vuln:CVE-2024-9670'
+ tags: cve,wordpress,wp-plugin,2d-tag-cloud-widget-by-sujin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/2d-tag-cloud-widget-by-sujin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "2d-tag-cloud-widget-by-sujin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.0.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml b/poc/cve/CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml
new file mode 100644
index 0000000000..18cdff29df
--- /dev/null
+++ b/poc/cve/CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9696-7eb3ceca660ff8ed51fe8b0a6a2f165c
+
+info:
+ name: >
+ Rescue Shortcodes <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9517db1f-1704-4f25-9b02-795da3c4c067?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9696
+ metadata:
+ fofa-query: "wp-content/plugins/rescue-shortcodes/"
+ google-query: inurl:"/wp-content/plugins/rescue-shortcodes/"
+ shodan-query: 'vuln:CVE-2024-9696'
+ tags: cve,wordpress,wp-plugin,rescue-shortcodes,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rescue-shortcodes/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rescue-shortcodes"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml b/poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml
new file mode 100644
index 0000000000..376e7d5470
--- /dev/null
+++ b/poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f
+
+info:
+ name: >
+ Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9704
+ metadata:
+ fofa-query: "wp-content/plugins/dvk-social-sharing/"
+ google-query: inurl:"/wp-content/plugins/dvk-social-sharing/"
+ shodan-query: 'vuln:CVE-2024-9704'
+ tags: cve,wordpress,wp-plugin,dvk-social-sharing,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dvk-social-sharing/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dvk-social-sharing"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.7')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9707.yaml b/poc/cve/CVE-2024-9707.yaml
new file mode 100644
index 0000000000..4416c4299f
--- /dev/null
+++ b/poc/cve/CVE-2024-9707.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9707
+
+info:
+ name: >
+ Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation
+ author: topscoder
+ severity: high
+ description: >
+ The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-9707
+ metadata:
+ fofa-query: "wp-content/plugins/hunk-companion/"
+ google-query: inurl:"/wp-content/plugins/hunk-companion/"
+ shodan-query: 'vuln:CVE-2024-9707'
+ tags: cve,wordpress,wp-plugin,hunk-companion,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hunk-companion/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "hunk-companion"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.8.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml b/poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml
new file mode 100644
index 0000000000..8df26a421a
--- /dev/null
+++ b/poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9756-64a408f630e792f3ff717cc9822672de
+
+info:
+ name: >
+ Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Order Attachments for WooCommerce plugin for WordPress is vulnerable to unauthorized limited arbitrary file uploads due to a missing capability check on the wcoa_add_attachment AJAX action in versions 2.0 to 2.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload limited file types.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dfc8957-78b8-4c55-ba95-52d95b086341?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9756
+ metadata:
+ fofa-query: "wp-content/plugins/order-attachments-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/order-attachments-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2024-9756'
+ tags: cve,wordpress,wp-plugin,order-attachments-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/order-attachments-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "order-attachments-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.0', '<= 2.4.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml b/poc/cve/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml
new file mode 100644
index 0000000000..ec8004e09f
--- /dev/null
+++ b/poc/cve/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846
+
+info:
+ name: >
+ ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
+ author: topscoder
+ severity: low
+ description: >
+ The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/655c08e6-4ef2-438e-b381-1bc3748c3771?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-9776
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery/"
+ google-query: inurl:"/wp-content/plugins/image-gallery/"
+ shodan-query: 'vuln:CVE-2024-9776'
+ tags: cve,wordpress,wp-plugin,image-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml b/poc/cve/CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml
new file mode 100644
index 0000000000..3c86317cb1
--- /dev/null
+++ b/poc/cve/CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9778-f12d8ad8d5a8b1346844c8509cb8d77c
+
+info:
+ name: >
+ ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update
+ author: topscoder
+ severity: medium
+ description: >
+ The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepress_admin_page' function. This makes it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/200b3446-6107-434b-b46d-2078461f3f94?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9778
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery/"
+ google-query: inurl:"/wp-content/plugins/image-gallery/"
+ shodan-query: 'vuln:CVE-2024-9778'
+ tags: cve,wordpress,wp-plugin,image-gallery,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9821-3c976b43c465f64b4e1fa1afc3ed719b.yaml b/poc/cve/CVE-2024-9821-3c976b43c465f64b4e1fa1afc3ed719b.yaml
new file mode 100644
index 0000000000..bbad2fc67a
--- /dev/null
+++ b/poc/cve/CVE-2024-9821-3c976b43c465f64b4e1fa1afc3ed719b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9821-3c976b43c465f64b4e1fa1afc3ed719b
+
+info:
+ name: >
+ Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass
+ author: topscoder
+ severity: low
+ description: >
+ The Bot for Telegram on WooCommerce plugin for WordPress is vulnerable to sensitive information disclosure due to missing authorization checks on the 'stm_wpcfto_get_settings' AJAX action in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to view the Telegram Bot Token, a secret token used to control the bot, which can then be used to log in as any existing user on the site, such as an administrator, if they know the username, due to the Login with Telegram feature.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a662c904-ba2e-494c-a603-b22eeeddf43d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-9821
+ metadata:
+ fofa-query: "wp-content/plugins/bot-for-telegram-on-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/bot-for-telegram-on-woocommerce/"
+ shodan-query: 'vuln:CVE-2024-9821'
+ tags: cve,wordpress,wp-plugin,bot-for-telegram-on-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bot-for-telegram-on-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bot-for-telegram-on-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9822.yaml b/poc/cve/CVE-2024-9822.yaml
new file mode 100644
index 0000000000..41d6f39587
--- /dev/null
+++ b/poc/cve/CVE-2024-9822.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9822
+
+info:
+ name: >
+ Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator
+ author: topscoder
+ severity: critical
+ description: >
+ The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user' function. This makes it possible for unauthenticated attackers to log to the first user, who is usually the administrator, or if it does not exist, then to the first administrator.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-9822
+ metadata:
+ fofa-query: "wp-content/plugins/pedalo-connector/"
+ google-query: inurl:"/wp-content/plugins/pedalo-connector/"
+ shodan-query: 'vuln:CVE-2024-9822'
+ tags: cve,wordpress,wp-plugin,pedalo-connector,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pedalo-connector/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pedalo-connector"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml b/poc/cve/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml
new file mode 100644
index 0000000000..871c44c571
--- /dev/null
+++ b/poc/cve/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7
+
+info:
+ name: >
+ ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
+ author: topscoder
+ severity: low
+ description: >
+ The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce6872-34d4-4675-bce9-e1197d801bce?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9824
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery/"
+ google-query: inurl:"/wp-content/plugins/image-gallery/"
+ shodan-query: 'vuln:CVE-2024-9824'
+ tags: cve,wordpress,wp-plugin,image-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml b/poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml
new file mode 100644
index 0000000000..92bd37d2f2
--- /dev/null
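Review bot: `severity: low` disagrees with `cvss-score: 4.3` in the `classification` block, which falls in the CVSS v3.1 medium band (4.0–6.9); the trailing `low` in `tags` repeats the same value. Triage that filters on severity will rank this finding below where its own score puts it. `severity: medium` and `tags: cve,wordpress,wp-plugin,image-gallery,medium` would align the two. CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml in this patch has the same mismatch with `cvss-score: 6.5`.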
+++ b/poc/cve/CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9860-b04ee97e5d460a289f93568831e0cf5e
+
+info:
+ name: >
+ Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import
+ author: topscoder
+ severity: low
+ description: >
+ The Bridge Core plugin for WordPress is vulnerable to unauthorized modification of data or loss of data due to a missing capability check on the 'import_action' and 'install_plugin_per_demo' functions in versions up to, and including, 3.3. This makes it possible for authenticated attackers with subscriber-level permissions or above, to delete or change plugin settings, import demo data, and install limited plugins.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/968d5d31-2592-4bed-9d18-5877f0d6062e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
+ cvss-score: 6.5
+ cve-id: CVE-2024-9860
+ metadata:
+ fofa-query: "wp-content/plugins/bridge-core/"
+ google-query: inurl:"/wp-content/plugins/bridge-core/"
+ shodan-query: 'vuln:CVE-2024-9860'
+ tags: cve,wordpress,wp-plugin,bridge-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bridge-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bridge-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3')
\ No newline at end of file
diff --git a/poc/cve/cve-2004-0519-1306.yaml b/poc/cve/cve-2004-0519-1306.yaml
index 0efe0f4a4e..86da54f93e 100644
--- a/poc/cve/cve-2004-0519-1306.yaml
+++ b/poc/cve/cve-2004-0519-1306.yaml
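Review bot: The `cvss-metrics` vector carries `PR:N`, while the name and the description both say the attacker must be authenticated at Subscriber level or above. One of the two is wrong, and the 6.5 in `cvss-score` follows from the vector as written, so the score inherits the doubt. Check the referenced Wordfence advisory and correct whichever side is off; if the description is right, the vector would read `PR:L` and the score would drop accordingly.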
@@ -1,4 +1,5 @@ id: CVE-2004-0519 + info: name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting author: dhiyaneshDk @@ -6,19 +7,23 @@ info: description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php." reference: https://www.exploit-db.com/exploits/24068 tags: xss,squirrelmail,cve2004,cve + requests: - method: GET path: - '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and matchers: - type: status status: - 200 + - type: word part: body words: - "" + - type: word part: header words: diff --git a/poc/cve/cve-2018-11784-3214.yaml b/poc/cve/cve-2018-11784-3214.yaml index 29bc70519a..0dca4eab1e 100644 --- a/poc/cve/cve-2018-11784-3214.yaml +++ b/poc/cve/cve-2018-11784-3214.yaml @@ -1,4 +1,5 @@ id: CVE-2018-11784 + info: name: Apache Tomcat Open Redirect author: geeknik @@ -11,10 +12,12 @@ info: cvss-score: 4.30 cve-id: CVE-2018-11784 cwe-id: CWE-601 + requests: - method: GET path: - "{{BaseURL}}//example.com" + matchers: - type: regex regex: diff --git a/poc/cve/cve-2018-16761-3398.yaml b/poc/cve/cve-2018-16761-3398.yaml index 3e9275f9ac..eea41f7f98 100644 --- a/poc/cve/cve-2018-16761-3398.yaml +++ b/poc/cve/cve-2018-16761-3398.yaml @@ -1,4 +1,5 @@ id: CVE-2018-16761 + info: name: Eventum v3.3.4 - Open Redirect author: 0x_Akoko @@ -13,11 +14,13 @@ info: cve-id: CVE-2018-16761 cwe-id: CWE-601 tags: cve,cve2018,redirect,eventum + requests: - method: GET path: - '{{BaseURL}}/eventum/htdocs/select_project.php?url=http://example.com' - '{{BaseURL}}/eventum/htdocs/clock_status.php?current_page=http://example.com' + matchers: - type: regex part: header diff --git a/poc/cve/cve-2018-19439-3475.yaml b/poc/cve/cve-2018-19439-3475.yaml index 9ad0752202..ba2f295d30 100644 
--- a/poc/cve/cve-2018-19439-3475.yaml +++ b/poc/cve/cve-2018-19439-3475.yaml @@ -1,4 +1,5 @@ id: CVE-2018-19439 + info: name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console author: madrobot,dwisiswant0 @@ -14,6 +15,7 @@ info: - http://www.securityfocus.com/bid/106006 - http://seclists.org/fulldisclosure/2018/Nov/58 - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html + requests: - method: GET path: diff --git a/poc/cve/cve-2018-8719-3640.yaml b/poc/cve/cve-2018-8719-3640.yaml index 8978157b26..022985a814 100644 --- a/poc/cve/cve-2018-8719-3640.yaml +++ b/poc/cve/cve-2018-8719-3640.yaml @@ -1,4 +1,5 @@ id: CVE-2018-8719 + info: name: WordPress Plugin WP Security Audit Log 3.1.1 - Information Disclosure author: LogicalHunter @@ -14,15 +15,18 @@ info: cvss-score: 5.30 cve-id: CVE-2018-8719 cwe-id: CWE-532 + requests: - method: GET path: - "{{BaseURL}}/wp-content/uploads/wp-security-audit-log/failed-logins/" + matchers-condition: and matchers: - type: status status: - 200 + - type: word words: - "[TXT]" diff --git a/poc/cve/cve-2019-15713-3884.yaml b/poc/cve/cve-2019-15713-3884.yaml index 72094546ac..052732aa1e 100644 --- a/poc/cve/cve-2019-15713-3884.yaml +++ b/poc/cve/cve-2019-15713-3884.yaml @@ -1,4 +1,5 @@ id: CVE-2019-15713 + info: name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS) author: daffainfo,dhiyaneshDk @@ -13,20 +14,24 @@ info: cvss-score: 6.10 cve-id: CVE-2019-15713 cwe-id: CWE-79 + requests: - method: GET path: - '{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + matchers-condition: and matchers: - type: word words: - "" part: body + - type: word part: header words: - text/html + - type: status status: - 200 diff --git a/poc/cve/cve-2019-20141-4079.yaml b/poc/cve/cve-2019-20141-4079.yaml index 7531b969e6..43d20edb98 100644 --- a/poc/cve/cve-2019-20141-4079.yaml 
+++ b/poc/cve/cve-2019-20141-4079.yaml @@ -1,4 +1,5 @@ id: CVE-2019-20141 + info: name: Neon Dashboard - XSS Reflected author: knassar702 @@ -11,18 +12,21 @@ info: cvss-score: 6.10 cve-id: CVE-2019-20141 cwe-id: CWE-79 + requests: - method: GET path: - '{{BaseURL}}/data/autosuggest-remote.php?q=">' - '{{BaseURL}}/admin/data/autosuggest-remote.php?q=">' + matchers-condition: and matchers: - type: word words: - ">>)1(trela=rorreno" part: body + - type: word words: - "text/html" - part: header + part: header \ No newline at end of file diff --git a/poc/cve/cve-2019-5127-4160.yaml b/poc/cve/cve-2019-5127-4160.yaml index 83fd7c7a02..07c1505179 100644 --- a/poc/cve/cve-2019-5127-4160.yaml +++ b/poc/cve/cve-2019-5127-4160.yaml @@ -1,4 +1,5 @@ id: CVE-2019-5127 + info: name: YouPHPTube Encoder RCE author: pikpikcu @@ -11,6 +12,7 @@ info: cvss-score: 9.80 cve-id: CVE-2019-5127 cwe-id: CWE-78 + requests: - method: GET path: @@ -24,6 +26,7 @@ requests: - "{{BaseURL}}/objects/nuclei.txt" headers: Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - type: word @@ -33,10 +36,12 @@ requests: - "groups=" condition: and part: body + - type: word words: - text/plain part: header + - type: status status: - 200 diff --git a/poc/cve/cve-2019-8937-4274.yaml b/poc/cve/cve-2019-8937-4274.yaml index d6ae2b80e0..3a09c5cd0b 100644 --- a/poc/cve/cve-2019-8937-4274.yaml +++ b/poc/cve/cve-2019-8937-4274.yaml @@ -1,4 +1,5 @@ id: CVE-2019-8937 + info: name: HotelDruid 2.3.0 - XSS author: LogicalHunter @@ -11,6 +12,7 @@ info: cve-id: CVE-2019-8937 cwe-id: CWE-79 description: "HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php." + requests: - method: GET path: @@ -27,6 +29,7 @@ requests: words: - '"' part: body + - type: word words: - "text/html" 
diff --git a/poc/cve/cve-2021-21975-5561.yaml b/poc/cve/cve-2021-21975-5561.yaml index 47159089ed..043597989c 100644 --- a/poc/cve/cve-2021-21975-5561.yaml +++ b/poc/cve/cve-2021-21975-5561.yaml @@ -1,4 +1,5 @@ id: CVE-2021-21975 + info: name: vRealize Operations Manager API SSRF (VMWare Operations) author: luci @@ -11,6 +12,7 @@ info: cvss-score: 7.50 cve-id: CVE-2021-21975 cwe-id: CWE-918 + requests: - raw: - | @@ -19,6 +21,7 @@ requests: Content-Type: application/json;charset=UTF-8 ["127.0.0.1:443/ui/"] + matchers-condition: and matchers: - type: word diff --git a/poc/open_redirect/simple-membership-after-login-redirection.yaml b/poc/open_redirect/simple-membership-after-login-redirection.yaml new file mode 100644 index 0000000000..18bc82800f --- /dev/null +++ b/poc/open_redirect/simple-membership-after-login-redirection.yaml 
@@ -0,0 +1,59 @@
+id: simple-membership-after-login-redirection
+
+info:
+ name: >
+ Simple Membership After Login Redirection <= 1.6 - Open Redirect
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f959e61-16cf-4260-b21b-8edb95a3cd65?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/simple-membership-after-login-redirection/"
+ google-query: inurl:"/wp-content/plugins/simple-membership-after-login-redirection/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,simple-membership-after-login-redirection,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-membership-after-login-redirection/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-membership-after-login-redirection"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6')
\ No newline at end of file
diff --git a/poc/other/2d-tag-cloud-widget-by-sujin-f775dedf778f01d96f3cf104b4a5ff00.yaml b/poc/other/2d-tag-cloud-widget-by-sujin-f775dedf778f01d96f3cf104b4a5ff00.yaml
new file mode 100644
index 0000000000..75899ac4e9
--- /dev/null
+++ b/poc/other/2d-tag-cloud-widget-by-sujin-f775dedf778f01d96f3cf104b4a5ff00.yaml
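Review bot: The `info` block is mostly empty placeholders: `description: >` is followed by a blank line, the three `classification` keys (`cvss-metrics:`, `cvss-score:`, `cve-id:`) have no value and load as null, and `shodan-query: 'vuln:'` is a query with nothing after the prefix. The template is also tagged `cve` although it names no CVE, which will pull it into CVE-filtered runs and reports. I would drop the empty keys and the tag, e.g. `tags: wordpress,wp-plugin,simple-membership-after-login-redirection,low`, and fill the description from the referenced advisory. Every template added under poc/other/ in this patch has the same empty fields.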
@@ -0,0 +1,59 @@ +id: 2d-tag-cloud-widget-by-sujin-f775dedf778f01d96f3cf104b4a5ff00 + +info: + name: > + 2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dad1be5-ea6c-40fa-bb21-862e7fd8804a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2d-tag-cloud-widget-by-sujin/" + google-query: inurl:"/wp-content/plugins/2d-tag-cloud-widget-by-sujin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2d-tag-cloud-widget-by-sujin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2d-tag-cloud-widget-by-sujin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2d-tag-cloud-widget-by-sujin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.2') \ No newline at end of file diff --git a/poc/other/addon-elements-for-elementor-page-builder-1c9e26180c0458c7b22a8f5c9fac5359.yaml b/poc/other/addon-elements-for-elementor-page-builder-1c9e26180c0458c7b22a8f5c9fac5359.yaml new file mode 100644 index 0000000000..3279c0b7d1 --- /dev/null +++ b/poc/other/addon-elements-for-elementor-page-builder-1c9e26180c0458c7b22a8f5c9fac5359.yaml 
@@ -0,0 +1,59 @@ +id: addon-elements-for-elementor-page-builder-1c9e26180c0458c7b22a8f5c9fac5359 + +info: + name: > + Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7317ecf5-d43d-4080-ad2a-7644764dd41e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.8') \ No newline at end of file diff --git a/poc/other/automatically-hierarchic-categories-in-menu.yaml b/poc/other/automatically-hierarchic-categories-in-menu.yaml new file mode 100644 index 0000000000..f09ec7bb15 --- /dev/null +++ b/poc/other/automatically-hierarchic-categories-in-menu.yaml 
@@ -0,0 +1,59 @@ +id: automatically-hierarchic-categories-in-menu + +info: + name: > + Automatically Hierarchic Categories in Menu <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9fe53e3-1916-4de2-91a6-83e823fc6e91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatically-hierarchic-categories-in-menu/" + google-query: inurl:"/wp-content/plugins/automatically-hierarchic-categories-in-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatically-hierarchic-categories-in-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatically-hierarchic-categories-in-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatically-hierarchic-categories-in-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/poc/other/category-icon-1ba7a71509a41771343e0fdcceeb4a9f.yaml b/poc/other/category-icon-1ba7a71509a41771343e0fdcceeb4a9f.yaml new file mode 100644 index 0000000000..1a89ecc86a --- /dev/null +++ b/poc/other/category-icon-1ba7a71509a41771343e0fdcceeb4a9f.yaml 
@@ -0,0 +1,59 @@ +id: category-icon-1ba7a71509a41771343e0fdcceeb4a9f + +info: + name: > + Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dc4acdc-754f-4ee0-947d-ff0c277e8181?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-icon/" + google-query: inurl:"/wp-content/plugins/category-icon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-icon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-icon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-icon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/poc/other/copyscape-premium.yaml b/poc/other/copyscape-premium.yaml new file mode 100644 index 0000000000..c20661deb4 --- /dev/null +++ b/poc/other/copyscape-premium.yaml 
@@ -0,0 +1,59 @@ +id: copyscape-premium + +info: + name: > + Copyscape Premium <= 1.3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9370c320-b3bc-4965-9cc7-b2bf3a24e251?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copyscape-premium/" + google-query: inurl:"/wp-content/plugins/copyscape-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copyscape-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copyscape-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copyscape-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/poc/other/cozy-addons.yaml b/poc/other/cozy-addons.yaml new file mode 100644 index 0000000000..76ba7679ee --- /dev/null +++ b/poc/other/cozy-addons.yaml 
@@ -0,0 +1,59 @@ +id: cozy-addons + +info: + name: > + Cozy Blocks <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b81a643-e04a-4e7f-91dd-9241fdd1a3ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cozy-addons/" + google-query: inurl:"/wp-content/plugins/cozy-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cozy-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cozy-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cozy-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/poc/other/create.yaml b/poc/other/create.yaml new file mode 100644 index 0000000000..582b0ff1c4 --- /dev/null +++ b/poc/other/create.yaml 
@@ -0,0 +1,59 @@
+id: create
+
+info:
+ name: >
+ Create <= 2.9.1 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44445c44-5ae0-4f2b-8096-aa94ae5ff0b6?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/themes/create/"
+ google-query: inurl:"/wp-content/themes/create/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-theme,create,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/create/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "create"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.1')
\ No newline at end of file
diff --git a/poc/other/full-frame.yaml b/poc/other/full-frame.yaml
new file mode 100644
index 0000000000..42aa1effb8
--- /dev/null
+++ b/poc/other/full-frame.yaml
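Review bot: The word matcher `- "create"` gives almost no assurance that the response is this theme's stylesheet, because it is a common English word that many unrelated 200 responses with a `Version:` line would also contain. The id `create` is equally generic and is likely to collide with other templates in a large collection. Matching the stylesheet header instead, for example `- "Theme Name:"` together with the theme's name as it appears in style.css (not shown in this patch, so to be confirmed), would tie the hit to the theme. full-frame.yaml uses the same style.css pattern and would benefit from the same header check.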
@@ -0,0 +1,59 @@ +id: full-frame + +info: + name: > + Full frame <= 2.7.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b95baf58-bd99-4682-b2eb-46a402c62c03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/full-frame/" + google-query: inurl:"/wp-content/themes/full-frame/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,full-frame,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/full-frame/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "full-frame" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/poc/other/gallery-lightbox-slider.yaml b/poc/other/gallery-lightbox-slider.yaml new file mode 100644 index 0000000000..90ce3c8fea --- /dev/null +++ b/poc/other/gallery-lightbox-slider.yaml 
@@ -0,0 +1,59 @@ +id: gallery-lightbox-slider + +info: + name: > + Gallery Lightbox <= 1.0.0.39 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a9fb50-8ab1-43e3-b618-d92fa50b3e07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-lightbox-slider/" + google-query: inurl:"/wp-content/plugins/gallery-lightbox-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-lightbox-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-lightbox-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-lightbox-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0.39') \ No newline at end of file diff --git a/poc/other/gutenkit-blocks-addon.yaml b/poc/other/gutenkit-blocks-addon.yaml new file mode 100644 index 0000000000..f66de1268a --- /dev/null +++ b/poc/other/gutenkit-blocks-addon.yaml 
@@ -0,0 +1,59 @@ +id: gutenkit-blocks-addon + +info: + name: > + GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e44c5dc0-6bf6-417a-9383-b345ff57ac32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gutenkit-blocks-addon/" + google-query: inurl:"/wp-content/plugins/gutenkit-blocks-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gutenkit-blocks-addon,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenkit-blocks-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenkit-blocks-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/poc/other/hunk-companion.yaml b/poc/other/hunk-companion.yaml new file mode 100644 index 0000000000..158086653e --- /dev/null +++ b/poc/other/hunk-companion.yaml 
@@ -0,0 +1,59 @@ +id: hunk-companion + +info: + name: > + Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c101fca-037c-4bed-9dc7-baa021a8b59c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hunk-companion/" + google-query: inurl:"/wp-content/plugins/hunk-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hunk-companion,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hunk-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hunk-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/poc/other/iconize.yaml b/poc/other/iconize.yaml new file mode 100644 index 0000000000..77ded602dd --- /dev/null +++ b/poc/other/iconize.yaml 
@@ -0,0 +1,59 @@
+id: iconize
+
+info:
+ name: >
+ Iconize <= 1.2.4 - Authenticated (Admin+) Remote Code Execution
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/431bcb93-396f-470b-94c9-66a9a2973552?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/iconize/"
+ google-query: inurl:"/wp-content/plugins/iconize/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,iconize,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/iconize/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "iconize"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.4')
\ No newline at end of file
diff --git a/poc/other/image-gallery-5cfbe2b947bf468de048d29d22757022.yaml b/poc/other/image-gallery-5cfbe2b947bf468de048d29d22757022.yaml
new file mode 100644
index 0000000000..28b49fbf08
--- /dev/null
+++ b/poc/other/image-gallery-5cfbe2b947bf468de048d29d22757022.yaml
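Review bot: `severity: low` sits oddly next to a name that ends in "Remote Code Execution", and with `cvss-score:` left empty nothing in the template justifies the rating. If the value was lowered because of the Admin+ precondition, record that where a reader will see it, for instance `# severity reflects the administrator-only precondition` above `severity:`. Otherwise take the severity and vector from the referenced advisory so that remediation is not deprioritised on a placeholder.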
@@ -0,0 +1,59 @@
+id: image-gallery-5cfbe2b947bf468de048d29d22757022
+
+info:
+ name: >
+ ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce6872-34d4-4675-bce9-e1197d801bce?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery/"
+ google-query: inurl:"/wp-content/plugins/image-gallery/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,image-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/other/image-gallery-8c902b296c6de2f23311d1cc4dcb0519.yaml b/poc/other/image-gallery-8c902b296c6de2f23311d1cc4dcb0519.yaml
new file mode 100644
index 0000000000..42aa389832
--- /dev/null
+++ b/poc/other/image-gallery-8c902b296c6de2f23311d1cc4dcb0519.yaml
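Review bot: This template duplicates poc/cve/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml, which the same patch adds: both point at Wordfence advisory 3bce6872-34d4-4675-bce9-e1197d801bce, request the same readme.txt and end in `compare_versions(version, '<= 1.2.2')`, and this copy only lacks the CVE id and CVSS data. The two image-gallery templates that follow (8c902b29… and a62704cb…) cover different advisories but use the identical request and bound, so one affected host yields four findings from a single readme signal. I would keep the CVE-named file for this advisory and drop this copy. If the remaining per-advisory templates stay, it is worth noting in their descriptions that they all fire together.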
@@ -0,0 +1,59 @@ +id: image-gallery-8c902b296c6de2f23311d1cc4dcb0519 + +info: + name: > + ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/200b3446-6107-434b-b46d-2078461f3f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery/" + google-query: inurl:"/wp-content/plugins/image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/poc/other/image-gallery-a62704cbf770b776cbd66d817df952f0.yaml b/poc/other/image-gallery-a62704cbf770b776cbd66d817df952f0.yaml new file mode 100644 index 0000000000..e7d143f2a0 --- /dev/null +++ b/poc/other/image-gallery-a62704cbf770b776cbd66d817df952f0.yaml 
@@ -0,0 +1,59 @@ +id: image-gallery-a62704cbf770b776cbd66d817df952f0 + +info: + name: > + ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/655c08e6-4ef2-438e-b381-1bc3748c3771?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery/" + google-query: inurl:"/wp-content/plugins/image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/poc/other/include-fussball-de-widgets.yaml b/poc/other/include-fussball-de-widgets.yaml new file mode 100644 index 0000000000..6c8ebdcbc4 --- /dev/null +++ b/poc/other/include-fussball-de-widgets.yaml 
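Review bot: The `tags` line starts with `cve` while `cve-id:`, `cvss-metrics:` and `cvss-score:` under `classification` are all empty, so a `cve` tag filter will select this template and group its results with CVE findings although it identifies no CVE. Either drop the tag (`tags: wordpress,wp-plugin,image-gallery,low`) or fill `cve-id` from the Wordfence record listed in `reference`; the empty keys parse as null and are better omitted than left bare. `shodan-query: 'vuln:'` is likewise a filter with no value and should be removed. The same metadata block repeats in the other templates of this patch.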
@@ -0,0 +1,59 @@ +id: include-fussball-de-widgets + +info: + name: > + Include Fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27a48196-60c5-45c4-8d60-c563183fab66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/include-fussball-de-widgets/" + google-query: inurl:"/wp-content/plugins/include-fussball-de-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,include-fussball-de-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/include-fussball-de-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "include-fussball-de-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/poc/other/language-switcher.yaml b/poc/other/language-switcher.yaml new file mode 100644 index 0000000000..cb64ddd94c --- /dev/null +++ b/poc/other/language-switcher.yaml 
@@ -0,0 +1,59 @@ +id: language-switcher + +info: + name: > + Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f117fffb-2bbb-4e95-b589-909972db1e5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/language-switcher/" + google-query: inurl:"/wp-content/plugins/language-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,language-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/language-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "language-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.13') \ No newline at end of file diff --git a/poc/other/linkz-ai.yaml b/poc/other/linkz-ai.yaml new file mode 100644 index 0000000000..e38402f4df --- /dev/null +++ b/poc/other/linkz-ai.yaml 
@@ -0,0 +1,59 @@ +id: linkz-ai + +info: + name: > + Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b4ca5b-c806-4b68-acb8-6b63d6ca5728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/linkz-ai/" + google-query: inurl:"/wp-content/plugins/linkz-ai/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,linkz-ai,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/linkz-ai/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "linkz-ai" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/poc/other/maxslider.yaml b/poc/other/maxslider.yaml new file mode 100644 index 0000000000..790ea6aeeb --- /dev/null +++ b/poc/other/maxslider.yaml 
@@ -0,0 +1,59 @@ +id: maxslider + +info: + name: > + MaxSlider <= 1.2.3 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f8430e8-c349-4425-be4a-0e9d4d80c438?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxslider/" + google-query: inurl:"/wp-content/plugins/maxslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/poc/other/metasync.yaml b/poc/other/metasync.yaml new file mode 100644 index 0000000000..e4cddd9a53 --- /dev/null +++ b/poc/other/metasync.yaml 
@@ -0,0 +1,59 @@ +id: metasync + +info: + name: > + Search Atlas SEO <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a20ca8-8eb8-4247-9145-63bcb0d5d681?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metasync/" + google-query: inurl:"/wp-content/plugins/metasync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metasync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metasync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metasync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/poc/other/mynx-page-builder-e5ef52784bd604a03534c96c5c5b985d.yaml b/poc/other/mynx-page-builder-e5ef52784bd604a03534c96c5c5b985d.yaml new file mode 100644 index 0000000000..aefd5e4c99 --- /dev/null +++ b/poc/other/mynx-page-builder-e5ef52784bd604a03534c96c5c5b985d.yaml 
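Review bot: The `word` matcher requires the literal slug `metasync` in the body of `readme.txt`, but `info.name` gives the product as "Search Atlas SEO", so under `matchers-condition: and` an affected install whose readme never spells out the slug would be missed without any signal; the readme is not shown here, so this needs checking against the shipped file. Matching on the marker the extractor already depends on, `- "Stable tag:"`, keeps the sanity check without tying it to the slug. The same gap between slug and display name appears for `revisionary`, `tiny-compress-images` and `woo-save-abandoned-carts` later in this patch, among others.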
@@ -0,0 +1,59 @@ +id: mynx-page-builder-e5ef52784bd604a03534c96c5c5b985d + +info: + name: > + Mynx Page Builder <= 0.27.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a25208-81fe-4337-a344-1c129bd80862?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mynx-page-builder/" + google-query: inurl:"/wp-content/plugins/mynx-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mynx-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mynx-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mynx-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.27.8') \ No newline at end of file diff --git a/poc/other/paypal-gift-certificate-7a1c89e0233f23e5f8c8d08caace9488.yaml b/poc/other/paypal-gift-certificate-7a1c89e0233f23e5f8c8d08caace9488.yaml new file mode 100644 index 0000000000..28a1f87419 --- /dev/null +++ b/poc/other/paypal-gift-certificate-7a1c89e0233f23e5f8c8d08caace9488.yaml 
@@ -0,0 +1,59 @@ +id: paypal-gift-certificate-7a1c89e0233f23e5f8c8d08caace9488 + +info: + name: > + Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72880e44-b0e0-47f4-82f0-c36c81091ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paypal-gift-certificate/" + google-query: inurl:"/wp-content/plugins/paypal-gift-certificate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paypal-gift-certificate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-gift-certificate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-gift-certificate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/poc/other/pedalo-connector.yaml b/poc/other/pedalo-connector.yaml new file mode 100644 index 0000000000..512c4b9943 --- /dev/null +++ b/poc/other/pedalo-connector.yaml 
@@ -0,0 +1,59 @@ +id: pedalo-connector + +info: + name: > + Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator + author: topscoder + severity: critical + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab0d342-bfa7-4760-b839-37c3354414ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pedalo-connector/" + google-query: inurl:"/wp-content/plugins/pedalo-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pedalo-connector,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pedalo-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pedalo-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/poc/other/read-more-948d18a9ecd43f2950c17fb1b54f2e66.yaml b/poc/other/read-more-948d18a9ecd43f2950c17fb1b54f2e66.yaml new file mode 100644 index 0000000000..9244c395d6 --- /dev/null +++ b/poc/other/read-more-948d18a9ecd43f2950c17fb1b54f2e66.yaml 
@@ -0,0 +1,59 @@ +id: read-more-948d18a9ecd43f2950c17fb1b54f2e66 + +info: + name: > + Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebc8d0d-04b6-49a0-96c1-7c6d930009d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-more/" + google-query: inurl:"/wp-content/plugins/read-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/poc/other/rescue-shortcodes-5be8dc0066a80e59bb7593a87c0fc14c.yaml b/poc/other/rescue-shortcodes-5be8dc0066a80e59bb7593a87c0fc14c.yaml new file mode 100644 index 0000000000..ecd15c0384 --- /dev/null +++ b/poc/other/rescue-shortcodes-5be8dc0066a80e59bb7593a87c0fc14c.yaml 
@@ -0,0 +1,59 @@ +id: rescue-shortcodes-5be8dc0066a80e59bb7593a87c0fc14c + +info: + name: > + Rescue Shortcodes <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9517db1f-1704-4f25-9b02-795da3c4c067?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rescue-shortcodes/" + google-query: inurl:"/wp-content/plugins/rescue-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rescue-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rescue-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rescue-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/poc/other/responsive-client-logo-carousel-slider.yaml b/poc/other/responsive-client-logo-carousel-slider.yaml new file mode 100644 index 0000000000..e22d9bb036 --- /dev/null +++ b/poc/other/responsive-client-logo-carousel-slider.yaml 
@@ -0,0 +1,59 @@ +id: responsive-client-logo-carousel-slider + +info: + name: > + Logo Carousel – Clients logo carousel for WP <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e694ef1a-3e81-4995-a96b-2417cb308ce6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-client-logo-carousel-slider/" + google-query: inurl:"/wp-content/plugins/responsive-client-logo-carousel-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-client-logo-carousel-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-client-logo-carousel-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-client-logo-carousel-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/poc/other/revisionary.yaml b/poc/other/revisionary.yaml new file mode 100644 index 0000000000..921d4470a0 --- /dev/null +++ b/poc/other/revisionary.yaml 
@@ -0,0 +1,59 @@ +id: revisionary + +info: + name: > + PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/982bc924-1dcd-47b5-b15a-4ff0ad123ad1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revisionary/" + google-query: inurl:"/wp-content/plugins/revisionary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revisionary,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revisionary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revisionary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.14') \ No newline at end of file diff --git a/poc/other/stackable-ultimate-gutenberg-blocks-290415cadef9c19a55802d0694d0c4ba.yaml b/poc/other/stackable-ultimate-gutenberg-blocks-290415cadef9c19a55802d0694d0c4ba.yaml new file mode 100644 index 0000000000..54a11b81e1 --- /dev/null +++ b/poc/other/stackable-ultimate-gutenberg-blocks-290415cadef9c19a55802d0694d0c4ba.yaml 
@@ -0,0 +1,59 @@ +id: stackable-ultimate-gutenberg-blocks-290415cadef9c19a55802d0694d0c4ba + +info: + name: > + Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd0b13c-7447-45da-9608-80b7629d9bbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stackable-ultimate-gutenberg-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stackable-ultimate-gutenberg-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.6') \ No newline at end of file diff --git a/poc/other/tablepress-32c13893c2404906ff08443b389c0f94.yaml b/poc/other/tablepress-32c13893c2404906ff08443b389c0f94.yaml new file mode 100644 index 0000000000..054dee2cd2 --- /dev/null +++ b/poc/other/tablepress-32c13893c2404906ff08443b389c0f94.yaml 
@@ -0,0 +1,59 @@ +id: tablepress-32c13893c2404906ff08443b389c0f94 + +info: + name: > + TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffa3b85c-7d08-4f6a-889e-b75620f72a1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablepress/" + google-query: inurl:"/wp-content/plugins/tablepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/poc/other/the-events-calendar-a1141cabd552a0d37d25ef7fd91f243f.yaml b/poc/other/the-events-calendar-a1141cabd552a0d37d25ef7fd91f243f.yaml new file mode 100644 index 0000000000..32d4104e86 --- /dev/null +++ b/poc/other/the-events-calendar-a1141cabd552a0d37d25ef7fd91f243f.yaml 
@@ -0,0 +1,59 @@ +id: the-events-calendar-a1141cabd552a0d37d25ef7fd91f243f + +info: + name: > + The Events Calendar <= 6.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6df29b14-0c9d-4ecf-96be-8c39c93121e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.3') \ No newline at end of file diff --git a/poc/other/tiny-compress-images.yaml b/poc/other/tiny-compress-images.yaml new file mode 100644 index 0000000000..a808380b7e --- /dev/null +++ b/poc/other/tiny-compress-images.yaml 
@@ -0,0 +1,59 @@ +id: tiny-compress-images + +info: + name: > + TinyPNG <= 3.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e44d85d-6bde-4194-8f33-5db6dacf544c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiny-compress-images/" + google-query: inurl:"/wp-content/plugins/tiny-compress-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiny-compress-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiny-compress-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiny-compress-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/poc/other/vdocipher.yaml b/poc/other/vdocipher.yaml new file mode 100644 index 0000000000..39e5a744b3 --- /dev/null +++ b/poc/other/vdocipher.yaml 
@@ -0,0 +1,59 @@ +id: vdocipher + +info: + name: > + VdoCipher <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7fa018-c87f-463b-84a3-bbe71b73d3dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vdocipher/" + google-query: inurl:"/wp-content/plugins/vdocipher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vdocipher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vdocipher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vdocipher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29') \ No newline at end of file diff --git a/poc/other/video-embed-privacy.yaml b/poc/other/video-embed-privacy.yaml new file mode 100644 index 0000000000..ae2645c07e --- /dev/null +++ b/poc/other/video-embed-privacy.yaml 
@@ -0,0 +1,59 @@ +id: video-embed-privacy + +info: + name: > + Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/487e5add-726c-4cfc-b86e-bb4eeec168a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-embed-privacy/" + google-query: inurl:"/wp-content/plugins/video-embed-privacy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-embed-privacy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-embed-privacy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-embed-privacy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/poc/other/woo-save-abandoned-carts.yaml b/poc/other/woo-save-abandoned-carts.yaml new file mode 100644 index 0000000000..14cfeb43af --- /dev/null +++ b/poc/other/woo-save-abandoned-carts.yaml 
@@ -0,0 +1,59 @@ +id: woo-save-abandoned-carts + +info: + name: > + CartBounty – Save and recover abandoned carts for WooCommerce <= 8.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1666170c-6489-4fbb-8356-f1a7790d74d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-save-abandoned-carts/" + google-query: inurl:"/wp-content/plugins/woo-save-abandoned-carts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-save-abandoned-carts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-save-abandoned-carts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-save-abandoned-carts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2') \ No newline at end of file diff --git a/poc/other/xl-tab.yaml b/poc/other/xl-tab.yaml new file mode 100644 index 0000000000..fd60c9c9d1 --- /dev/null +++ b/poc/other/xl-tab.yaml 
@@ -0,0 +1,59 @@ +id: xl-tab + +info: + name: > + XLTab – Accordions and Tabs for Elementor Page Builder <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f958a43-1753-4605-9e98-ba1468f75ab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xl-tab/" + google-query: inurl:"/wp-content/plugins/xl-tab/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xl-tab,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xl-tab/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xl-tab" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/poc/remote_code_execution/bot-for-telegram-on-woocommerce-95e4471cf7b0cdfb6c9aec1a9d40a0ae.yaml b/poc/remote_code_execution/bot-for-telegram-on-woocommerce-95e4471cf7b0cdfb6c9aec1a9d40a0ae.yaml new file mode 100644 index 0000000000..4deaf27748 --- /dev/null +++ b/poc/remote_code_execution/bot-for-telegram-on-woocommerce-95e4471cf7b0cdfb6c9aec1a9d40a0ae.yaml 
@@ -0,0 +1,59 @@ +id: bot-for-telegram-on-woocommerce-95e4471cf7b0cdfb6c9aec1a9d40a0ae + +info: + name: > + Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a662c904-ba2e-494c-a603-b22eeeddf43d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bot-for-telegram-on-woocommerce/" + google-query: inurl:"/wp-content/plugins/bot-for-telegram-on-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bot-for-telegram-on-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bot-for-telegram-on-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bot-for-telegram-on-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/poc/remote_code_execution/order-attachments-for-woocommerce-d72cf819fcb5997a2922f8848f39656f.yaml b/poc/remote_code_execution/order-attachments-for-woocommerce-d72cf819fcb5997a2922f8848f39656f.yaml new file mode 100644 index 0000000000..4bbbeb856b --- /dev/null +++ b/poc/remote_code_execution/order-attachments-for-woocommerce-d72cf819fcb5997a2922f8848f39656f.yaml 
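Review bot: This template is filed under `poc/remote_code_execution/`, yet `info.name` describes a bot token disclosure leading to authentication bypass, and the body is the same readme version check used throughout the patch; nothing in it relates to code execution. The next file, `order-attachments-for-woocommerce-…`, lands in the same directory, and both slugs contain `woocommerce`, so the directory may have been picked by a substring match on `rce` (an inference from the paths alone). Anyone triaging results by directory will misread these two; `poc/other/`, where the sibling Wordfence templates in this patch live, is the better place. Separately, `severity: low` sits oddly beside "Authentication Bypass" in the name and is worth checking against the linked advisory.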
@@ -0,0 +1,59 @@
+id: order-attachments-for-woocommerce-d72cf819fcb5997a2922f8848f39656f
+
+info:
+ name: >
+ Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dfc8957-78b8-4c55-ba95-52d95b086341?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/order-attachments-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/order-attachments-for-woocommerce/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,order-attachments-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/order-attachments-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "order-attachments-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '>= 2.0', '<= 2.4.1')
\ No newline at end of file
diff --git a/poc/search/ajax-search-lite-e7ba06e90ec10cb19dc2494089497f4f.yaml b/poc/search/ajax-search-lite-e7ba06e90ec10cb19dc2494089497f4f.yaml
new file mode 100644
index 0000000000..9e38da9be7
--- /dev/null
+++ b/poc/search/ajax-search-lite-e7ba06e90ec10cb19dc2494089497f4f.yaml
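Review bot: `redirects: true` in the `http` block follows redirects to any host, so the status, word and version matchers can end up evaluating a `readme.txt` served by a different site while the finding is attributed to the scanned target. Keeping the follow on the original host avoids that false positive: replace the line with `host-redirects: true` and keep `max-redirects: 3`. Every template in this patch uses the same request block.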
@@ -0,0 +1,59 @@
+id: ajax-search-lite-e7ba06e90ec10cb19dc2494089497f4f
+
+info:
+ name: >
+ Ajax Search Lite <= 4.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1cc3dbe-26e3-478f-9574-f57ffa0f50c3?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ajax-search-lite/"
+ google-query: inurl:"/wp-content/plugins/ajax-search-lite/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ajax-search-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ajax-search-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ajax-search-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.12.1')
\ No newline at end of file
diff --git a/poc/social/dvk-social-sharing-89c738e746dab8d430975f04439c54b6.yaml b/poc/social/dvk-social-sharing-89c738e746dab8d430975f04439c54b6.yaml
new file mode 100644
index 0000000000..4804f9e014
--- /dev/null
+++ b/poc/social/dvk-social-sharing-89c738e746dab8d430975f04439c54b6.yaml
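Review bot: The two entries under `extractors` are identical except for `internal: true`, and both are named `version`, which reads like a copy-paste slip to anyone maintaining the template. If the intent is one copy to feed the `dsl` matcher and one to print the version in the result, a comment above each would say so, e.g. `# internal: feeds compare_versions` and `# reported with the finding`. The pattern repeats in every template of this patch.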
@@ -0,0 +1,59 @@
+id: dvk-social-sharing-89c738e746dab8d430975f04439c54b6
+
+info:
+ name: >
+ Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/dvk-social-sharing/"
+ google-query: inurl:"/wp-content/plugins/dvk-social-sharing/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,dvk-social-sharing,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dvk-social-sharing/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dvk-social-sharing"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.7')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml b/poc/sql/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml
new file mode 100644
index 0000000000..376e7d5470
--- /dev/null
+++ b/poc/sql/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml
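Review bot: This template duplicates the check in `CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml`, which the same patch adds under `poc/sql/`: both reference Wordfence id `619ca4b6-95bb-4c87-b8db-78e6d6b79384`, request the same `readme.txt` and end in `compare_versions(version, '<= 1.3.7')`. A scan that loads both directories reports the same finding twice, once without description, CVSS data or CVE id. I would keep only the CVE-2024-9704 template and leave this file out.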
@@ -0,0 +1,59 @@
+id: CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f
+
+info:
+ name: >
+ Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Social Sharing (by Danny) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dvk_social_sharing' shortcode in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/619ca4b6-95bb-4c87-b8db-78e6d6b79384?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9704
+ metadata:
+ fofa-query: "wp-content/plugins/dvk-social-sharing/"
+ google-query: inurl:"/wp-content/plugins/dvk-social-sharing/"
+ shodan-query: 'vuln:CVE-2024-9704'
+ tags: cve,wordpress,wp-plugin,dvk-social-sharing,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dvk-social-sharing/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dvk-social-sharing"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.7')
\ No newline at end of file
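Review bot: `severity: low` and the trailing `low` in `tags` do not agree with `cvss-score: 6.4`, which is Medium on the CVSS v3.1 scale (4.0 to 6.9). Anyone filtering findings by severity would drop or down-rank this one. I would change the two lines to `severity: medium` and `tags: cve,wordpress,wp-plugin,dvk-social-sharing,medium`. The CVE-2024-9776 (4.4) and CVE-2024-9824 (4.3) templates later in this patch carry the same mismatch.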
diff --git a/poc/sql/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml b/poc/sql/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml
new file mode 100644
index 0000000000..ec8004e09f
--- /dev/null
+++ b/poc/sql/CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9776-b87b3db31f1eda93892f1d85c0aa0846
+
+info:
+ name: >
+ ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
+ author: topscoder
+ severity: low
+ description: >
+ The ImagePress – Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/655c08e6-4ef2-438e-b381-1bc3748c3771?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-9776
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery/"
+ google-query: inurl:"/wp-content/plugins/image-gallery/"
+ shodan-query: 'vuln:CVE-2024-9776'
+ tags: cve,wordpress,wp-plugin,image-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
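Review bot: The `description` limits this issue to multi-site installations and installations where `unfiltered_html` is disabled, but the matchers test only the readme version, so a hit does not establish that the target meets that precondition. A triager reading the finding has no way to see this from the result itself. I would add a comment above `matchers`, `# Match means version <= 1.2.2 only; the multi-site / unfiltered_html precondition is not checked.`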
diff --git a/poc/sql/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml b/poc/sql/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml
new file mode 100644
index 0000000000..871c44c571
--- /dev/null
+++ b/poc/sql/CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9824-44742b5dfe15bf136d8b10c8fdb6d6e7
+
+info:
+ name: >
+ ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
+ author: topscoder
+ severity: low
+ description: >
+ The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ip_delete_post' and 'ip_update_post_title' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts and update post titles.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce6872-34d4-4675-bce9-e1197d801bce?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9824
+ metadata:
+ fofa-query: "wp-content/plugins/image-gallery/"
+ google-query: inurl:"/wp-content/plugins/image-gallery/"
+ shodan-query: 'vuln:CVE-2024-9824'
+ tags: cve,wordpress,wp-plugin,image-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/image-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "image-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/upload/increase-upload-file-size-maximum-execution-time-limit.yaml b/poc/upload/increase-upload-file-size-maximum-execution-time-limit.yaml
new file mode 100644
index 0000000000..9316812db7
--- /dev/null
+++ b/poc/upload/increase-upload-file-size-maximum-execution-time-limit.yaml
@@ -0,0 +1,59 @@
+id: increase-upload-file-size-maximum-execution-time-limit
+
+info:
+ name: >
+ Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c432dbe-8542-41de-966a-b2699d1685ce?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit/"
+ google-query: inurl:"/wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,increase-upload-file-size-maximum-execution-time-limit,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/increase-upload-file-size-maximum-execution-time-limit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "increase-upload-file-size-maximum-execution-time-limit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0')
\ No newline at end of file
diff --git a/poc/upload/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml b/poc/upload/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml
new file mode 100644
index 0000000000..82013c0b3a
--- /dev/null
+++ b/poc/upload/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml
@@ -0,0 +1,59 @@
+id: wp-file-upload-439c10683c6c205110b225b20910cc36
+
+info:
+ name: >
+ WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-file-upload/"
+ google-query: inurl:"/wp-content/plugins/wp-file-upload/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-file-upload,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-file-upload"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.24.11')
\ No newline at end of file
diff --git a/poc/wordpress/mailchimp-wp-6180a3b6b3e533e17e26dc2174349f0a.yaml b/poc/wordpress/mailchimp-wp-6180a3b6b3e533e17e26dc2174349f0a.yaml
new file mode 100644
index 0000000000..0e5016135f
--- /dev/null
+++ b/poc/wordpress/mailchimp-wp-6180a3b6b3e533e17e26dc2174349f0a.yaml
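Review bot: `severity: low` sits oddly with a title that describes an unauthenticated path traversal leading to arbitrary file read and deletion. The template carries no CVSS data (`cvss-metrics` and `cvss-score` are empty), so the value looks like a default rather than a rating, and a severity filter would hide the finding. I would set the severity from the referenced Wordfence entry before the template is used for triage, and until then flag it in the file with `# severity not yet confirmed against the advisory`.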
@@ -0,0 +1,59 @@
+id: mailchimp-wp-6180a3b6b3e533e17e26dc2174349f0a
+
+info:
+ name: >
+ Forms for Mailchimp by Optin Cat <= 2.5.6 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/52f9db86-7fed-4b32-8384-3ceb300f9249?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mailchimp-wp/"
+ google-query: inurl:"/wp-content/plugins/mailchimp-wp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mailchimp-wp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mailchimp-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mailchimp-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.6')
\ No newline at end of file
diff --git a/poc/wordpress/wordpress-popup-705de09e622918c55b7a1ab10bf33e2a.yaml b/poc/wordpress/wordpress-popup-705de09e622918c55b7a1ab10bf33e2a.yaml
new file mode 100644
index 0000000000..24c9a4d126
--- /dev/null
+++ b/poc/wordpress/wordpress-popup-705de09e622918c55b7a1ab10bf33e2a.yaml
@@ -0,0 +1,59 @@
+id: wordpress-popup-705de09e622918c55b7a1ab10bf33e2a
+
+info:
+ name: >
+ Hustle <= 7.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7023a3e-35ba-4d52-8092-ae40b53d5efa?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wordpress-popup/"
+ google-query: inurl:"/wp-content/plugins/wordpress-popup/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wordpress-popup,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wordpress-popup/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wordpress-popup"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.8.4')
\ No newline at end of file
diff --git a/poc/wordpress/wp-bulk-delete.yaml b/poc/wordpress/wp-bulk-delete.yaml
new file mode 100644
index 0000000000..d6aa0a7d80
--- /dev/null
+++ b/poc/wordpress/wp-bulk-delete.yaml
@@ -0,0 +1,59 @@
+id: wp-bulk-delete
+
+info:
+ name: >
+ WP Bulk Delete <= 1.3.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a145f3ca-2c38-4058-9aa9-e2dcc43c029a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-bulk-delete/"
+ google-query: inurl:"/wp-content/plugins/wp-bulk-delete/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-bulk-delete,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-bulk-delete/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-bulk-delete"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml b/poc/wordpress/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml
new file mode 100644
index 0000000000..82013c0b3a
--- /dev/null
+++ b/poc/wordpress/wp-file-upload-439c10683c6c205110b225b20910cc36.yaml
@@ -0,0 +1,59 @@
+id: wp-file-upload-439c10683c6c205110b225b20910cc36
+
+info:
+ name: >
+ WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-file-upload/"
+ google-query: inurl:"/wp-content/plugins/wp-file-upload/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-file-upload,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-file-upload"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.24.11')
\ No newline at end of file
diff --git a/poc/wordpress/wp-mylinks.yaml b/poc/wordpress/wp-mylinks.yaml
new file mode 100644
index 0000000000..210fb4b742
--- /dev/null
+++ b/poc/wordpress/wp-mylinks.yaml
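Review bot: This file is the same template that the patch already adds under `poc/upload/`: the `index` line names the same blob (`82013c0b3a`) and the `id` is again `wp-file-upload-439c10683c6c205110b225b20910cc36`. Two templates sharing one `id` produce duplicate findings when both directories are loaded, and any later correction has to be made in two places. I would keep a single copy and leave the second path out.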
@@ -0,0 +1,59 @@
+id: wp-mylinks
+
+info:
+ name: >
+ WP MyLinks <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b768777-d502-47b4-bf78-03c4cd525063?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mylinks/"
+ google-query: inurl:"/wp-content/plugins/wp-mylinks/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-mylinks,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mylinks/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mylinks"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6')
\ No newline at end of file
diff --git a/poc/wordpress/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml b/poc/wordpress/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml
new file mode 100644
index 0000000000..865fe367de
--- /dev/null
+++ b/poc/wordpress/wp-post-author-3f4de7ecb8586f0c99558a166624662d.yaml
@@ -0,0 +1,59 @@
+id: wp-post-author-3f4de7ecb8586f0c99558a166624662d
+
+info:
+ name: >
+ Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d667bafc-5f19-4889-a988-236df050c013?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-post-author/"
+ google-query: inurl:"/wp-content/plugins/wp-post-author/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-post-author,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-post-author/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-post-author"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.8.1')
\ No newline at end of file