From d9e3f3813d7918a40917141bfcf1434020e5fa51 Mon Sep 17 00:00:00 2001 
From: GitHub Action Date: Wed, 6 Nov 2024 12:41:01 +0000 Subject: [PATCH] 20241106 --- date.txt | 2 +- poc.txt | 58 ++++++++++++++++++ ...ogin-323326633e68646fd78ad5035af9e4d0.yaml | 59 +++++++++++++++++++ poc/auth/loginizer-security.yaml | 59 +++++++++++++++++++ ...ckup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml | 59 +++++++++++++++++++ ...0020-397e5cc97549d156277da4b33b2ec5af.yaml | 59 +++++++++++++++++++ ...0028-df3e6beddae25a2d75eafa93f8243ba1.yaml | 59 +++++++++++++++++++ ...0084-861e5ee4c434bf307e7c7990c04e71c6.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10097.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10114.yaml | 59 +++++++++++++++++++ ...0168-5dd2e3f11455bb460d8442499d307db4.yaml | 59 +++++++++++++++++++ ...0186-6c60081d3957ea0f1a2bee057a6e3646.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10263.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10319.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10329.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10340.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10482.yaml | 59 +++++++++++++++++++ ...0535-b51eb8fc6cda61a894f8bb87a3120536.yaml | 59 +++++++++++++++++++ ...0543-e240462908e52198328b07cf1527032a.yaml | 59 +++++++++++++++++++ ...0647-f9db24370dab16c6bbf61c415c445725.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10687.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-10711.yaml | 59 +++++++++++++++++++ ...0715-ba1e405f986ec1f9d399b6eb9a27584a.yaml | 59 +++++++++++++++++++ ...6626-f9bef46915a3a330a207c0a775a0bb79.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-7429.yaml | 59 +++++++++++++++++++ ...8323-4ed9338d4016d43f068c4fcd74a023c5.yaml | 59 +++++++++++++++++++ ...8614-bba78351631009c8b9f8ed8085ea49bd.yaml | 59 +++++++++++++++++++ ...8615-bdd0f38bd4eb685ae0f9168bc6274ee8.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-9178.yaml | 59 +++++++++++++++++++ ...9307-f97e0d22f048961712c6b4369a193dce.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-9443.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-9657.yaml | 59 
+++++++++++++++++++ poc/cve/CVE-2024-9667.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-9867.yaml | 59 +++++++++++++++++++ poc/cve/CVE-2024-9878.yaml | 59 +++++++++++++++++++ ...9946-d4a8825baaf2cfd00d266023da36083a.yaml | 59 +++++++++++++++++++ ...9990-7618e8dcf5a44c49180add784d278f41.yaml | 59 +++++++++++++++++++ ...ress-b25abd0d3654b1f737abc8339b1e67c2.yaml | 59 +++++++++++++++++++ ...ntor-c024b871ad471c95d80fa5f7bca0464c.yaml | 59 +++++++++++++++++++ poc/other/basticom-framework.yaml | 59 +++++++++++++++++++ ...bles-fab475ecd98714101dcd7cbc582e3f43.yaml | 59 +++++++++++++++++++ ...post-12a19d0523d91d302e58f735caa56444.yaml | 59 +++++++++++++++++++ poc/other/media-library-tools.yaml | 59 +++++++++++++++++++ ...lite-d859e177ea1a9c5a736a9d6f6e67bfac.yaml | 59 +++++++++++++++++++ poc/other/nuclei-flow-dns-id.yaml | 41 +++++++++++++ ...ions-a40e28814c5b2b5736baca4a102e409e.yaml | 59 +++++++++++++++++++ poc/other/ultimate-shortcodes-creator.yaml | 59 +++++++++++++++++++ ...lery-029c350c02002469cde9b83d6fd37ee6.yaml | 59 +++++++++++++++++++ ...form-856910179a627c14492979cf129b6c0a.yaml | 59 +++++++++++++++++++ ...erce-48c7496a59f1b46c410766acb760066a.yaml | 59 +++++++++++++++++++ ...arch-03a6d4009d3c764773bb4fad50720c2f.yaml | 59 +++++++++++++++++++ ...arch-879f053d3d5e68742fb10961828f18bd.yaml | 59 +++++++++++++++++++ ...ogin-323326633e68646fd78ad5035af9e4d0.yaml | 59 +++++++++++++++++++ ...izer-cde74c5a0c4bf7a055439768691fa7e9.yaml | 59 +++++++++++++++++++ ...0168-5dd2e3f11455bb460d8442499d307db4.yaml | 59 +++++++++++++++++++ ...0647-f9db24370dab16c6bbf61c415c445725.yaml | 59 +++++++++++++++++++ ...sion-19c0a0b29d21408f77a2c0691f216dbb.yaml | 59 +++++++++++++++++++ ...ress-b25abd0d3654b1f737abc8339b1e67c2.yaml | 59 +++++++++++++++++++ ...arch-03a6d4009d3c764773bb4fad50720c2f.yaml | 59 +++++++++++++++++++ ...arch-879f053d3d5e68742fb10961828f18bd.yaml | 59 +++++++++++++++++++ 60 files changed, 3463 insertions(+), 1 deletion(-) create mode 100644 
poc/auth/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml create mode 100644 poc/auth/loginizer-security.yaml create mode 100644 poc/backup/everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml create mode 100644 poc/cve/CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af.yaml create mode 100644 poc/cve/CVE-2024-10028-df3e6beddae25a2d75eafa93f8243ba1.yaml create mode 100644 poc/cve/CVE-2024-10084-861e5ee4c434bf307e7c7990c04e71c6.yaml create mode 100644 poc/cve/CVE-2024-10097.yaml create mode 100644 poc/cve/CVE-2024-10114.yaml create mode 100644 poc/cve/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml create mode 100644 poc/cve/CVE-2024-10186-6c60081d3957ea0f1a2bee057a6e3646.yaml create mode 100644 poc/cve/CVE-2024-10263.yaml create mode 100644 poc/cve/CVE-2024-10319.yaml create mode 100644 poc/cve/CVE-2024-10329.yaml create mode 100644 poc/cve/CVE-2024-10340.yaml create mode 100644 poc/cve/CVE-2024-10482.yaml create mode 100644 poc/cve/CVE-2024-10535-b51eb8fc6cda61a894f8bb87a3120536.yaml create mode 100644 poc/cve/CVE-2024-10543-e240462908e52198328b07cf1527032a.yaml create mode 100644 poc/cve/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml create mode 100644 poc/cve/CVE-2024-10687.yaml create mode 100644 poc/cve/CVE-2024-10711.yaml create mode 100644 poc/cve/CVE-2024-10715-ba1e405f986ec1f9d399b6eb9a27584a.yaml create mode 100644 poc/cve/CVE-2024-6626-f9bef46915a3a330a207c0a775a0bb79.yaml create mode 100644 poc/cve/CVE-2024-7429.yaml create mode 100644 poc/cve/CVE-2024-8323-4ed9338d4016d43f068c4fcd74a023c5.yaml create mode 100644 poc/cve/CVE-2024-8614-bba78351631009c8b9f8ed8085ea49bd.yaml create mode 100644 poc/cve/CVE-2024-8615-bdd0f38bd4eb685ae0f9168bc6274ee8.yaml create mode 100644 poc/cve/CVE-2024-9178.yaml create mode 100644 poc/cve/CVE-2024-9307-f97e0d22f048961712c6b4369a193dce.yaml create mode 100644 poc/cve/CVE-2024-9443.yaml create mode 100644 poc/cve/CVE-2024-9657.yaml create mode 100644 poc/cve/CVE-2024-9667.yaml create mode 100644 
poc/cve/CVE-2024-9867.yaml create mode 100644 poc/cve/CVE-2024-9878.yaml create mode 100644 poc/cve/CVE-2024-9946-d4a8825baaf2cfd00d266023da36083a.yaml create mode 100644 poc/cve/CVE-2024-9990-7618e8dcf5a44c49180add784d278f41.yaml create mode 100644 poc/google/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml create mode 100644 poc/other/all-contact-form-integration-for-elementor-c024b871ad471c95d80fa5f7bca0464c.yaml create mode 100644 poc/other/basticom-framework.yaml create mode 100644 poc/other/easy-pricing-tables-fab475ecd98714101dcd7cbc582e3f43.yaml create mode 100644 poc/other/event-post-12a19d0523d91d302e58f735caa56444.yaml create mode 100644 poc/other/media-library-tools.yaml create mode 100644 poc/other/mfolio-lite-d859e177ea1a9c5a736a9d6f6e67bfac.yaml create mode 100644 poc/other/nuclei-flow-dns-id.yaml create mode 100644 poc/other/tumult-hype-animations-a40e28814c5b2b5736baca4a102e409e.yaml create mode 100644 poc/other/ultimate-shortcodes-creator.yaml create mode 100644 poc/other/video-wc-gallery-029c350c02002469cde9b83d6fd37ee6.yaml create mode 100644 poc/other/ws-form-856910179a627c14492979cf129b6c0a.yaml create mode 100644 poc/remote_code_execution/profit-products-tables-for-woocommerce-48c7496a59f1b46c410766acb760066a.yaml create mode 100644 poc/search/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml create mode 100644 poc/search/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml create mode 100644 poc/social/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml create mode 100644 poc/social/super-socializer-cde74c5a0c4bf7a055439768691fa7e9.yaml create mode 100644 poc/sql/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml create mode 100644 poc/sql/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml create mode 100644 poc/sql/contact-form-7-dynamic-text-extension-19c0a0b29d21408f77a2c0691f216dbb.yaml create mode 100644 poc/wordpress/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml create mode 
100644 poc/wordpress/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml create mode 100644 poc/wordpress/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml diff --git a/date.txt b/date.txt index 30cad970f7..e7bef9850f 100644 --- a/date.txt +++ b/date.txt @@ -1 +1 @@ -20241105 +20241106 diff --git a/poc.txt b/poc.txt index a130251b07..3e957ee317 100644 --- a/poc.txt +++ b/poc.txt @@ -3345,6 +3345,7 @@ ./poc/auth/hcommonssocial-mastodon-instance.yaml ./poc/auth/heateor-social-login-0a5ef8161e1b27d27ad667d562e5e6e6.yaml ./poc/auth/heateor-social-login-2d825c781bd7a85cdacd3ba818cfb8d6.yaml +./poc/auth/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml ./poc/auth/heateor-social-login-90103aeed3bba73ad3a0097c8fbd40e4.yaml ./poc/auth/heateor-social-login-d8e57a761fc311db417762257d0b4649.yaml ./poc/auth/heateor-social-login.yaml @@ -3946,6 +3947,7 @@ ./poc/auth/loginizer-f44dbd4f062265344baed59c032514bb.yaml ./poc/auth/loginizer-faba3dc963ecbddcf1814fde37539b14.yaml ./poc/auth/loginizer-security-a645aa27d21902e8047247162f3fd0fb.yaml +./poc/auth/loginizer-security.yaml ./poc/auth/loginizer.yaml ./poc/auth/loginpress-2ddcc7501f5b4ca52d0728ac83fed71c.yaml ./poc/auth/loginpress-30384c2e0015df3a852f16dd508110c1.yaml @@ -6782,6 +6784,7 @@ ./poc/backup/everest-backup-1e67fed7796a324bd7d5d165c6768edc.yaml ./poc/backup/everest-backup-421c384b1afa892cba8ed3269d60faa4.yaml ./poc/backup/everest-backup-7761182ec8a559d2e3cae14625ef2ccd.yaml +./poc/backup/everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml ./poc/backup/everest-backup-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/backup/everest-backup-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/backup/everest-backup-plugin.yaml 
@@ -33636,6 +33639,8 @@ ./poc/cve/CVE-2024-10014.yaml ./poc/cve/CVE-2024-10016-178761d7d6f8e5f5807de98de6404c48.yaml ./poc/cve/CVE-2024-10016.yaml +./poc/cve/CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af.yaml +./poc/cve/CVE-2024-10028-df3e6beddae25a2d75eafa93f8243ba1.yaml ./poc/cve/CVE-2024-10040-ee8183e3617c63ac904e5e710044f265.yaml ./poc/cve/CVE-2024-10040.yaml ./poc/cve/CVE-2024-10045-b4e327038c9d97f0951cbe31ae85ae95.yaml @@ -33656,22 +33661,26 @@ ./poc/cve/CVE-2024-10079.yaml ./poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml ./poc/cve/CVE-2024-10080.yaml +./poc/cve/CVE-2024-10084-861e5ee4c434bf307e7c7990c04e71c6.yaml ./poc/cve/CVE-2024-10091-47d98d91216f898ff00624ad6961c9a7.yaml ./poc/cve/CVE-2024-10091.yaml ./poc/cve/CVE-2024-10092-d032ec31ce8980271a8c19e352a437d5.yaml ./poc/cve/CVE-2024-10092.yaml ./poc/cve/CVE-2024-10097-66fdd14b5978d2ebbd6a9fee52d080ec.yaml +./poc/cve/CVE-2024-10097.yaml ./poc/cve/CVE-2024-10108-caa219ca69a3786bb9c03f5b9d9a5323.yaml ./poc/cve/CVE-2024-10108.yaml ./poc/cve/CVE-2024-10112-b49134293bd607a2527227eff1da1897.yaml ./poc/cve/CVE-2024-10112.yaml ./poc/cve/CVE-2024-10114-6564102a019f9d71ebb84293fc9159f1.yaml +./poc/cve/CVE-2024-10114.yaml ./poc/cve/CVE-2024-10117-0f80cc12896c22d305bb403aa391d732.yaml ./poc/cve/CVE-2024-10117.yaml ./poc/cve/CVE-2024-10148-66e8a68a811d5893a9baabebb92f1d1e.yaml ./poc/cve/CVE-2024-10148.yaml ./poc/cve/CVE-2024-10150-430c4ec0389798d1691a4f250437c712.yaml ./poc/cve/CVE-2024-10150.yaml +./poc/cve/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml ./poc/cve/CVE-2024-10176-5fa3a3e54fe7dc27a4441a8eb1a55212.yaml ./poc/cve/CVE-2024-10176.yaml ./poc/cve/CVE-2024-10180-cda9906f3b0afcef720a2edb145ba669.yaml 
@@ -33682,6 +33691,7 @@ ./poc/cve/CVE-2024-10184.yaml ./poc/cve/CVE-2024-10185-8035ec074be079e96120312271a0f33c.yaml ./poc/cve/CVE-2024-10185.yaml +./poc/cve/CVE-2024-10186-6c60081d3957ea0f1a2bee057a6e3646.yaml ./poc/cve/CVE-2024-10189-c70ac469531f5752b3a747a22314dda8.yaml ./poc/cve/CVE-2024-10189.yaml ./poc/cve/CVE-2024-1021.yaml @@ -33698,6 +33708,7 @@ ./poc/cve/CVE-2024-10250-381303a6df453508271ce4a14d6f5e15.yaml ./poc/cve/CVE-2024-10250.yaml ./poc/cve/CVE-2024-10263-5a599dd7d83925469bc803c5aabfa610.yaml +./poc/cve/CVE-2024-10263.yaml ./poc/cve/CVE-2024-10266-c7464e0e6f14d3d02fbbef631b0fa0d8.yaml ./poc/cve/CVE-2024-10266.yaml ./poc/cve/CVE-2024-10310-08ea151b2594c4d66f1066377ac5bb02.yaml @@ -33705,8 +33716,11 @@ ./poc/cve/CVE-2024-10312-50ebf94b7cedccb9e13dff934ff93b48.yaml ./poc/cve/CVE-2024-10312.yaml ./poc/cve/CVE-2024-10319-5c0b2e6241c7af29d146faf4b6581f3b.yaml +./poc/cve/CVE-2024-10319.yaml ./poc/cve/CVE-2024-10329-674336a2b18a0cf5dc2e5e17857d1636.yaml +./poc/cve/CVE-2024-10329.yaml ./poc/cve/CVE-2024-10340-3b29e898b9b2950a86e6a8953edaf31a.yaml +./poc/cve/CVE-2024-10340.yaml ./poc/cve/CVE-2024-10341-f9f2b1daeef7d31a7252cb1ebc44b526.yaml ./poc/cve/CVE-2024-10341.yaml ./poc/cve/CVE-2024-10342-4c9fa17231c31987f79d558b7b883e9d.yaml @@ -33759,6 +33773,7 @@ ./poc/cve/CVE-2024-1047-fb93f34e53916d4f4fd53ff72b0a2a6f.yaml ./poc/cve/CVE-2024-1047.yaml ./poc/cve/CVE-2024-10482-845ce866c54cd77aff0707f285c1d085.yaml +./poc/cve/CVE-2024-10482.yaml ./poc/cve/CVE-2024-1049-0e66fa189b7475aa8bef5ee2db21f9f7.yaml ./poc/cve/CVE-2024-1049.yaml ./poc/cve/CVE-2024-1050-27175c3a9c41e19f3b6754fd15e6284b.yaml 
@@ -33767,10 +33782,12 @@ ./poc/cve/CVE-2024-1051.yaml ./poc/cve/CVE-2024-1053-ecc5e07de79c654d2248cf4b93e3241f.yaml ./poc/cve/CVE-2024-1053.yaml +./poc/cve/CVE-2024-10535-b51eb8fc6cda61a894f8bb87a3120536.yaml ./poc/cve/CVE-2024-1054-eba02697b8618c6807b4eae794b59362.yaml ./poc/cve/CVE-2024-1054.yaml ./poc/cve/CVE-2024-10540-c51c8b8ffe37ad945de4a85718f3c6a4.yaml ./poc/cve/CVE-2024-10540.yaml +./poc/cve/CVE-2024-10543-e240462908e52198328b07cf1527032a.yaml ./poc/cve/CVE-2024-10544-09e7902ad0b8f33d5cc3104966bee93f.yaml ./poc/cve/CVE-2024-10544.yaml ./poc/cve/CVE-2024-1055-d648797daf2d40f2e3020df2557ea8d6.yaml @@ -33783,9 +33800,11 @@ ./poc/cve/CVE-2024-1058.yaml ./poc/cve/CVE-2024-1061-c2234d6b671e34ecc87aded4a14cc4c8.yaml ./poc/cve/CVE-2024-1061.yaml +./poc/cve/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml ./poc/cve/CVE-2024-1068-9cafdd7123cc13ec1ddd7f5534904f5e.yaml ./poc/cve/CVE-2024-1068.yaml ./poc/cve/CVE-2024-10687-d9989207d8a257bce53d182b8cda1c6d.yaml +./poc/cve/CVE-2024-10687.yaml ./poc/cve/CVE-2024-1069-eade4f165a3dd4a95074ea430cf7d5a1.yaml ./poc/cve/CVE-2024-1069.yaml ./poc/cve/CVE-2024-1070-2eaf969a3130409b034463b1e7ec7297.yaml @@ -33793,6 +33812,8 @@ ./poc/cve/CVE-2024-1071-2920c7e3fa1eab9da1c8d6b582e0a18a.yaml ./poc/cve/CVE-2024-1071.yaml ./poc/cve/CVE-2024-10711-67db13badffeeb4f5ca81cc9213c6c29.yaml +./poc/cve/CVE-2024-10711.yaml +./poc/cve/CVE-2024-10715-ba1e405f986ec1f9d399b6eb9a27584a.yaml ./poc/cve/CVE-2024-1072-23a9f57c67b8b80aa521301d7ce5b911.yaml ./poc/cve/CVE-2024-1072.yaml ./poc/cve/CVE-2024-1073-fbc0c1c17165bd449a27005cce0363e5.yaml @@ -44020,6 +44041,7 @@ ./poc/cve/CVE-2024-6624.yaml ./poc/cve/CVE-2024-6625-e3b1fd85860f69080f38118a4ce4bb79.yaml ./poc/cve/CVE-2024-6625.yaml +./poc/cve/CVE-2024-6626-f9bef46915a3a330a207c0a775a0bb79.yaml ./poc/cve/CVE-2024-6627-e2f62664c90500c62480c18e39692312.yaml ./poc/cve/CVE-2024-6627.yaml ./poc/cve/CVE-2024-6629-d16f070910ae811c719a92ea7113c3c7.yaml 
@@ -44370,6 +44392,7 @@ ./poc/cve/CVE-2024-7426-a402ee84a247d584eb53ba5bd0b27b15.yaml ./poc/cve/CVE-2024-7426.yaml ./poc/cve/CVE-2024-7429-6f110eb5eb2276cd5a0fa1741f06f1ba.yaml +./poc/cve/CVE-2024-7429.yaml ./poc/cve/CVE-2024-7432-a31e7190a6c277ef29d066b81bd9a805.yaml ./poc/cve/CVE-2024-7432.yaml ./poc/cve/CVE-2024-7433-d4b3cf455560c2a3ffa41960db7b264c.yaml @@ -44727,6 +44750,7 @@ ./poc/cve/CVE-2024-8318.yaml ./poc/cve/CVE-2024-8319-f52695adcae621062e419e0168d0ec9c.yaml ./poc/cve/CVE-2024-8319.yaml +./poc/cve/CVE-2024-8323-4ed9338d4016d43f068c4fcd74a023c5.yaml ./poc/cve/CVE-2024-8324-856d4c9a60d6402eeb68ff56927d8889.yaml ./poc/cve/CVE-2024-8324.yaml ./poc/cve/CVE-2024-8325-11327d2b9e1fdbe3b095a728909b8615.yaml @@ -44861,6 +44885,8 @@ ./poc/cve/CVE-2024-8549.yaml ./poc/cve/CVE-2024-8552-3fed4d10e5322d73ee0e8c653106a656.yaml ./poc/cve/CVE-2024-8552.yaml +./poc/cve/CVE-2024-8614-bba78351631009c8b9f8ed8085ea49bd.yaml +./poc/cve/CVE-2024-8615-bdd0f38bd4eb685ae0f9168bc6274ee8.yaml ./poc/cve/CVE-2024-8619-68e42e392b92a31acf5085fd0331fe98.yaml ./poc/cve/CVE-2024-8619.yaml ./poc/cve/CVE-2024-8621-7d60a8cdcf557152f36b470b1896351c.yaml @@ -45191,6 +45217,7 @@ ./poc/cve/CVE-2024-9177-178dee7653fa8d80dc1711bad3dcec51.yaml ./poc/cve/CVE-2024-9177.yaml ./poc/cve/CVE-2024-9178-a7fff85e8c000868e1e7370c1df60d15.yaml +./poc/cve/CVE-2024-9178.yaml ./poc/cve/CVE-2024-9184-bbbcea152c8a7afc5cdfbc5a529501a6.yaml ./poc/cve/CVE-2024-9184.yaml ./poc/cve/CVE-2024-9187-8b43f9d2f6a2b591d59c81d2238caf51.yaml @@ -45282,6 +45309,7 @@ ./poc/cve/CVE-2024-9305.yaml ./poc/cve/CVE-2024-9306-7ba53590edffd095e67bc17955e3e15f.yaml ./poc/cve/CVE-2024-9306.yaml +./poc/cve/CVE-2024-9307-f97e0d22f048961712c6b4369a193dce.yaml ./poc/cve/CVE-2024-9314-a0c0949919b0d8bc3642420176eab1de.yaml ./poc/cve/CVE-2024-9314.yaml ./poc/cve/CVE-2024-9344-17abd6dc792a14ae58c5a178902d89b5.yaml 
@@ -45353,6 +45381,7 @@ ./poc/cve/CVE-2024-9438-35e80a39f9c5a9c6a465bf9aae910e35.yaml ./poc/cve/CVE-2024-9438.yaml ./poc/cve/CVE-2024-9443-8a1b073b17522dd981e6fee1d9c12cf9.yaml +./poc/cve/CVE-2024-9443.yaml ./poc/cve/CVE-2024-9444-a6b3efa350afce890b47530869028068.yaml ./poc/cve/CVE-2024-9444.yaml ./poc/cve/CVE-2024-9445-0fedc25f3077e00a018f5c725f6ded08.yaml @@ -45497,7 +45526,9 @@ ./poc/cve/CVE-2024-9656-5e11b0669cd68a7b45a069c732842ecd.yaml ./poc/cve/CVE-2024-9656.yaml ./poc/cve/CVE-2024-9657-dd8407e47fb5333a5395e7c73b8d6f4f.yaml +./poc/cve/CVE-2024-9657.yaml ./poc/cve/CVE-2024-9667-a1addcc71f016a7e0b8f16b6095d9d7c.yaml +./poc/cve/CVE-2024-9667.yaml ./poc/cve/CVE-2024-9670-590d40c02bbb47b092deffa0e1d25829.yaml ./poc/cve/CVE-2024-9670.yaml ./poc/cve/CVE-2024-9674-531fd254227c00a4d5bf989a15584f9f.yaml @@ -45563,11 +45594,13 @@ ./poc/cve/CVE-2024-9865-44de46ebb413c021b1f60bc0350545dc.yaml ./poc/cve/CVE-2024-9865.yaml ./poc/cve/CVE-2024-9867-28418454e7529e38f715c32d4d7e771c.yaml +./poc/cve/CVE-2024-9867.yaml ./poc/cve/CVE-2024-9868-96549eced85be8945967e02f9312fbfb.yaml ./poc/cve/CVE-2024-9868.yaml ./poc/cve/CVE-2024-9873-c5ed80b51344fca9873ea5af2135924b.yaml ./poc/cve/CVE-2024-9873.yaml ./poc/cve/CVE-2024-9878-24180a128592e4c279c5c3ae1fe81645.yaml +./poc/cve/CVE-2024-9878.yaml ./poc/cve/CVE-2024-9884-f8253ad72061af498d8ec3a2d3e9ab2a.yaml ./poc/cve/CVE-2024-9884.yaml ./poc/cve/CVE-2024-9885-c4d2eb2be89294342947c515f064109a.yaml @@ -45614,6 +45647,7 @@ ./poc/cve/CVE-2024-9943.yaml ./poc/cve/CVE-2024-9944-c4d693e491a7b94e2552e7400b79d0d6.yaml ./poc/cve/CVE-2024-9944.yaml +./poc/cve/CVE-2024-9946-d4a8825baaf2cfd00d266023da36083a.yaml ./poc/cve/CVE-2024-9947-aa2c01bce355ed9ad7b6f5ea816b09d1.yaml ./poc/cve/CVE-2024-9947.yaml ./poc/cve/CVE-2024-9951-be046d8362f1832edd91856d0526cdb7.yaml 
@@ -45624,6 +45658,7 @@ ./poc/cve/CVE-2024-9988.yaml ./poc/cve/CVE-2024-9989-3fc6b24254bebade10a4f6f48d55a380.yaml ./poc/cve/CVE-2024-9989.yaml +./poc/cve/CVE-2024-9990-7618e8dcf5a44c49180add784d278f41.yaml ./poc/cve/CVE-2024-9990-dad76e11293ef9cadc6a70a1291ac862.yaml ./poc/cve/CVE-2024-9990.yaml ./poc/cve/CVE-2024–24142.yaml @@ -59147,6 +59182,7 @@ ./poc/google/mappress-google-maps-for-wordpress-abdaff07ef848f760a1361b1cc0f28e8.yaml ./poc/google/mappress-google-maps-for-wordpress-ac33d0a575869b85ed8a4fb5cc1d5a5a.yaml ./poc/google/mappress-google-maps-for-wordpress-b09c4afaec5f20a4cf81caa6fc71116d.yaml +./poc/google/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml ./poc/google/mappress-google-maps-for-wordpress-b2d11f5eda98e7518ce47f4a21d37c0e.yaml ./poc/google/mappress-google-maps-for-wordpress-c2f7d5e7ad588a45b067c408f7c06c5a.yaml ./poc/google/mappress-google-maps-for-wordpress.yaml @@ -79006,6 +79042,7 @@ ./poc/other/all-bootstrap-blocks.yaml ./poc/other/all-contact-form-integration-for-elementor-4e42b67e04faef6bb31ce7a6175d6d18.yaml ./poc/other/all-contact-form-integration-for-elementor-5ea0d4b1344a8dea12e0a27337e2e97a.yaml +./poc/other/all-contact-form-integration-for-elementor-c024b871ad471c95d80fa5f7bca0464c.yaml ./poc/other/all-contact-form-integration-for-elementor-df08b6a8ee392a2702c37c3d84a17730.yaml ./poc/other/all-contact-form-integration-for-elementor.yaml ./poc/other/all-custom-fields-groups-96e0bfec305d57407c9444ef28dace2a.yaml @@ -80596,6 +80633,7 @@ ./poc/other/baslider-d2769d47b86c6f5f3189cf951f4ea324.yaml ./poc/other/baslider.yaml ./poc/other/basticom-framework-097ce8a46bb24be5e834be4251b8f593.yaml +./poc/other/basticom-framework.yaml ./poc/other/batch-cat-aec5f10302d35e7044c2bae9666508de.yaml ./poc/other/batch-cat.yaml ./poc/other/battlenet-phish.yaml 
@@ -86864,6 +86902,7 @@ ./poc/other/easy-pricing-tables-7cffe0671acb4ecba724cc5107d6f8ac.yaml ./poc/other/easy-pricing-tables-82a6f95b9277545d1524e1ecf8a8d3d7.yaml ./poc/other/easy-pricing-tables-bd2e4615eea76170282fc879ed47c2f9.yaml +./poc/other/easy-pricing-tables-fab475ecd98714101dcd7cbc582e3f43.yaml ./poc/other/easy-pricing-tables.yaml ./poc/other/easy-property-listings-0c5d97b2b89819e09ed90e1ef9a80ae4.yaml ./poc/other/easy-property-listings-9063bf8158823ea456ef59459faccf81.yaml @@ -88162,6 +88201,7 @@ ./poc/other/event-page-templates-addon-for-the-events-calendar-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/event-page-templates-addon-for-the-events-calendar-ed564cf6d52fca31d8e377a3e7178e36.yaml ./poc/other/event-page-templates-addon-for-the-events-calendar.yaml +./poc/other/event-post-12a19d0523d91d302e58f735caa56444.yaml ./poc/other/event-post-3323244e98c48bea38c0f4f2dd937cec.yaml ./poc/other/event-post-aa78f92a7371eb258c2d8b6ea22c108f.yaml ./poc/other/event-post-c27a9b291f63f0f0e35970c9dd39e69f.yaml @@ -95721,6 +95761,7 @@ ./poc/other/media-library-plus-d1f3125677ca810497d4e985b95537ef.yaml ./poc/other/media-library-plus.yaml ./poc/other/media-library-tools-5ae8fca1229228fabe2ecc861184d642.yaml +./poc/other/media-library-tools.yaml ./poc/other/media-list-87561e01bcaac37d1053100a9e9a0c24.yaml ./poc/other/media-list-b45b56389de453506b7abd584a88bcc2.yaml ./poc/other/media-list.yaml @@ -96073,6 +96114,7 @@ ./poc/other/mf-gig-calendar-c6d74393141b9443e08a9be1c9516d24.yaml ./poc/other/mf-gig-calendar-d9319143134e7f138bf77a6e28652944.yaml ./poc/other/mf-gig-calendar.yaml +./poc/other/mfolio-lite-d859e177ea1a9c5a736a9d6f6e67bfac.yaml ./poc/other/mh-board-a284e4d7ee6fc9cf9cf2e0a15bd19214.yaml ./poc/other/mh-board.yaml ./poc/other/mhr-post-ticker-e1c7b83f6a20a0ab35fc7e40613a5ee4.yaml 
@@ -97762,6 +97804,7 @@ ./poc/other/nuance-theme-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/other/nuance-theme.yaml ./poc/other/nuance.yaml +./poc/other/nuclei-flow-dns-id.yaml ./poc/other/nuclei-flow-dns-prefix.yaml ./poc/other/nuclei-flow-dns.yaml ./poc/other/nuclei-openssl.yaml @@ -107143,6 +107186,7 @@ ./poc/other/tumblr.yaml ./poc/other/tumult-hype-animations-2822c11e2949dd9c6e5d071e87e856de.yaml ./poc/other/tumult-hype-animations-953f77120b81ab9c1451615ecdc1684e.yaml +./poc/other/tumult-hype-animations-a40e28814c5b2b5736baca4a102e409e.yaml ./poc/other/tumult-hype-animations.yaml ./poc/other/tune-library-42128c02e81aa405b055c02d74b3b8cb.yaml ./poc/other/tune-library.yaml @@ -107681,6 +107725,7 @@ ./poc/other/ultimate-reviews-e4710dde34171f45446a0fc70c5bc516.yaml ./poc/other/ultimate-reviews.yaml ./poc/other/ultimate-shortcodes-creator-7cb016b2f164bd8fa0e7c99a22d1b00c.yaml +./poc/other/ultimate-shortcodes-creator.yaml ./poc/other/ultimate-store-kit-084dad355ae5c775de15d140afa14727.yaml ./poc/other/ultimate-store-kit-34c1e94782b55b611d35e47ac7b7afcb.yaml ./poc/other/ultimate-store-kit-799f4c8743d958449e3f902daac35c9c.yaml @@ -108578,6 +108623,7 @@ ./poc/other/video-synchro-pdf.yaml ./poc/other/video-thumbnails-46694cbb078a7086c3125370e10dab8a.yaml ./poc/other/video-thumbnails.yaml +./poc/other/video-wc-gallery-029c350c02002469cde9b83d6fd37ee6.yaml ./poc/other/video-widget.yaml ./poc/other/video-xml-sitemap-generator-c674f3e8e2fa69ca7dcbb7ded147a769.yaml ./poc/other/video-xml-sitemap-generator.yaml @@ -110492,6 +110538,7 @@ ./poc/other/ws-contact-form.yaml ./poc/other/ws-form-192a7efebc2c2a0161742ba44e9a8f85.yaml ./poc/other/ws-form-51da1307fa61acdd0f1d446ee57c8968.yaml +./poc/other/ws-form-856910179a627c14492979cf129b6c0a.yaml ./poc/other/ws-form-aeab7d2d818c60e62d1151d3930578ad.yaml ./poc/other/ws-form-afec1489dd729e95ee72df2ca55c68a3.yaml ./poc/other/ws-form-b64dfeb1207b372d88ad01521677b87b.yaml 
@@ -113973,6 +114020,7 @@ ./poc/remote_code_execution/profit-products-tables-for-woocommerce-08e3d4fb644fdadd0cf0f793f0a0f266.yaml ./poc/remote_code_execution/profit-products-tables-for-woocommerce-41cf1519270cf89cfcef5dd25204e621.yaml ./poc/remote_code_execution/profit-products-tables-for-woocommerce-432f89b49839d35f3b97a72d46bf786c.yaml +./poc/remote_code_execution/profit-products-tables-for-woocommerce-48c7496a59f1b46c410766acb760066a.yaml ./poc/remote_code_execution/profit-products-tables-for-woocommerce-a8cf79991fa8fec12ae5a0d63e3e5058.yaml ./poc/remote_code_execution/profit-products-tables-for-woocommerce-b3f7877153c0c8bae09ef3cf35003eec.yaml ./poc/remote_code_execution/profit-products-tables-for-woocommerce-d26ddaaf7b97c463bb7f5df08000e48e.yaml @@ -116536,6 +116584,7 @@ ./poc/search/wp-custom-fields-search.yaml ./poc/search/wp-extended-search-d8fbdd78783ed9fee39d4591d264abf7.yaml ./poc/search/wp-extended-search.yaml +./poc/search/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml ./poc/search/wp-jobsearch-03c799c8c1a4335310c615dc29112568.yaml ./poc/search/wp-jobsearch-0964abf3a2489fe0875449d31d844760.yaml ./poc/search/wp-jobsearch-09acb8c3e4b49f60dcdc9014584ef5ad.yaml @@ -116558,6 +116607,7 @@ ./poc/search/wp-jobsearch-712fa5c13aa4525353395abcf7542d1c.yaml ./poc/search/wp-jobsearch-75e4707584003429246cfbb3326e6701.yaml ./poc/search/wp-jobsearch-7af316146e56f8ba88562343637ea1cd.yaml +./poc/search/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml ./poc/search/wp-jobsearch-940a0c96771cc154ffc475bd28945e80.yaml ./poc/search/wp-jobsearch-ad5b6ea5d6c202eefc5538952eab6c69.yaml ./poc/search/wp-jobsearch-af2c3e381fd08962809905e2a2413403.yaml 
@@ -117220,6 +117270,7 @@ ./poc/social/heateor-social-comments.yaml ./poc/social/heateor-social-login-0a5ef8161e1b27d27ad667d562e5e6e6.yaml ./poc/social/heateor-social-login-2d825c781bd7a85cdacd3ba818cfb8d6.yaml +./poc/social/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml ./poc/social/heateor-social-login-90103aeed3bba73ad3a0097c8fbd40e4.yaml ./poc/social/heateor-social-login-d8e57a761fc311db417762257d0b4649.yaml ./poc/social/heateor-social-login.yaml @@ -117708,6 +117759,7 @@ ./poc/social/super-socializer-beb713348e77dca422204b956c3cc459.yaml ./poc/social/super-socializer-c1924c9c4dca1b6d84540fd820d09a45.yaml ./poc/social/super-socializer-c90a9b902bc912b751a1f8d3f185f026.yaml +./poc/social/super-socializer-cde74c5a0c4bf7a055439768691fa7e9.yaml ./poc/social/super-socializer-d41d8cd98f00b204e9800998ecf8427e.yaml ./poc/social/super-socializer-e2883007de8712f63efa635d8f352dd5.yaml ./poc/social/super-socializer-ed5aedbb2fb4a1dfb407a381edbd93b3.yaml @@ -119284,6 +119336,7 @@ ./poc/sql/CVE-2024-0956-dec8fc1767837ea369e30ca1ecdb9c30.yaml ./poc/sql/CVE-2024-0972-d643db18054b1dd86be768803ada8c1e.yaml ./poc/sql/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml +./poc/sql/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml ./poc/sql/CVE-2024-10180-cda9906f3b0afcef720a2edb145ba669.yaml ./poc/sql/CVE-2024-10181-21fdb15695068521f367ac81bba91927.yaml ./poc/sql/CVE-2024-10226-352293729ca01a23dbb48ef5e92fcf29.yaml @@ -119294,6 +119347,7 @@ ./poc/sql/CVE-2024-1046-bfec7425f9f443824c4a93511a98dbc5.yaml ./poc/sql/CVE-2024-1047-68db58e698228b42f923e1452fb395bc.yaml ./poc/sql/CVE-2024-1049-0e66fa189b7475aa8bef5ee2db21f9f7.yaml +./poc/sql/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml ./poc/sql/CVE-2024-10711-67db13badffeeb4f5ca81cc9213c6c29.yaml ./poc/sql/CVE-2024-1076-9a7188ec2ba0e2d447a5f9982f48db9b.yaml ./poc/sql/CVE-2024-1080-15318692234db11db0354155dd2f2282.yaml 
@@ -121058,6 +121112,7 @@ ./poc/sql/contact-form-7-258673e5fdbbfab2300f9d89ebee934a.yaml ./poc/sql/contact-form-7-b699de7c8c3db9de8103fd36034aee42.yaml ./poc/sql/contact-form-7-be64f3bd293cbdf54e64473ac32452db.yaml +./poc/sql/contact-form-7-dynamic-text-extension-19c0a0b29d21408f77a2c0691f216dbb.yaml ./poc/sql/contact-form-7-dynamic-text-extension-958f1a928bc74cc2468d304735db818c.yaml ./poc/sql/contact-form-7-multi-step-module-6477bf18cad6c823db485408d49b337b.yaml ./poc/sql/contact-form-7-paypal-add-on-300e106676966a486b98e353420db12f.yaml @@ -130370,6 +130425,7 @@ ./poc/wordpress/mappress-google-maps-for-wordpress-abdaff07ef848f760a1361b1cc0f28e8.yaml ./poc/wordpress/mappress-google-maps-for-wordpress-ac33d0a575869b85ed8a4fb5cc1d5a5a.yaml ./poc/wordpress/mappress-google-maps-for-wordpress-b09c4afaec5f20a4cf81caa6fc71116d.yaml +./poc/wordpress/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml ./poc/wordpress/mappress-google-maps-for-wordpress-b2d11f5eda98e7518ce47f4a21d37c0e.yaml ./poc/wordpress/mappress-google-maps-for-wordpress-c2f7d5e7ad588a45b067c408f7c06c5a.yaml ./poc/wordpress/mappress-google-maps-for-wordpress.yaml @@ -133831,6 +133887,7 @@ ./poc/wordpress/wp-jobs-60dedaec1dd5894ea2c041f7a03c3f01.yaml ./poc/wordpress/wp-jobs-fa1f4667d5ac84642e2aab4facec62ac.yaml ./poc/wordpress/wp-jobs.yaml +./poc/wordpress/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml ./poc/wordpress/wp-jobsearch-03c799c8c1a4335310c615dc29112568.yaml ./poc/wordpress/wp-jobsearch-0964abf3a2489fe0875449d31d844760.yaml ./poc/wordpress/wp-jobsearch-09acb8c3e4b49f60dcdc9014584ef5ad.yaml 
@@ -133853,6 +133910,7 @@ ./poc/wordpress/wp-jobsearch-712fa5c13aa4525353395abcf7542d1c.yaml ./poc/wordpress/wp-jobsearch-75e4707584003429246cfbb3326e6701.yaml ./poc/wordpress/wp-jobsearch-7af316146e56f8ba88562343637ea1cd.yaml +./poc/wordpress/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml ./poc/wordpress/wp-jobsearch-940a0c96771cc154ffc475bd28945e80.yaml ./poc/wordpress/wp-jobsearch-ad5b6ea5d6c202eefc5538952eab6c69.yaml ./poc/wordpress/wp-jobsearch-af2c3e381fd08962809905e2a2413403.yaml diff --git a/poc/auth/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml b/poc/auth/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml new file mode 100644 index 0000000000..b0531e5417 --- /dev/null +++ b/poc/auth/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml 
@@ -0,0 +1,59 @@
+id: heateor-social-login-323326633e68646fd78ad5035af9e4d0
+
+info:
+ name: >
+ Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/heateor-social-login/"
+ google-query: inurl:"/wp-content/plugins/heateor-social-login/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,heateor-social-login,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/heateor-social-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "heateor-social-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.35')
\ No newline at end of file
diff --git a/poc/auth/loginizer-security.yaml b/poc/auth/loginizer-security.yaml
new file mode 100644
index 0000000000..eff9d22c3c
--- /dev/null
+++ b/poc/auth/loginizer-security.yaml
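Review bot: In poc/auth/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml the `description`, `cvss-metrics`, `cvss-score` and `cve-id` fields are empty and `shodan-query: 'vuln:'` carries no value, yet the template is tagged `cve`. It references the same Wordfence advisory (id 6b1d212b-75fe-4285-9c22-62b040e5a36c) as poc/cve/CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af.yaml, which this commit adds with those fields filled in. A scan that loads both will therefore report the same issue twice, once as `critical` with no CVE or CVSS context for triage. Either drop this copy or populate it from the CVE record, starting with `cve-id: CVE-2024-10020`. The same empty-metadata pattern is in the poc/auth/loginizer-security.yaml and poc/backup/everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml hunks.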
@@ -0,0 +1,59 @@
+id: loginizer-security-a645aa27d21902e8047247162f3fd0fb
+
+info:
+ name: >
+ Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/loginizer-security/"
+ google-query: inurl:"/wp-content/plugins/loginizer-security/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,loginizer-security,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/loginizer-security/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "loginizer-security"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.2')
\ No newline at end of file
diff --git a/poc/backup/everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml b/poc/backup/everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml
new file mode 100644
index 0000000000..b16f744e9d
--- /dev/null
+++ b/poc/backup/everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e.yaml
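Review bot: The `id:` on the first line of poc/auth/loginizer-security.yaml is `loginizer-security-a645aa27d21902e8047247162f3fd0fb`, which does not match the file name. It does match the name of `./poc/auth/loginizer-security-a645aa27d21902e8047247162f3fd0fb.yaml`, which appears as an existing context line in the poc.txt hunk. If that file carries the same id, two templates share one identifier, so results become ambiguous and one copy may be skipped or double-reported depending on how the runner deduplicates. Give the unsuffixed file its own id, for example `id: loginizer-security`, or remove the duplicate.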
@@ -0,0 +1,59 @@ +id: everest-backup-c5cfc7a8f5c040156a3bb37da7e93d2e + +info: + name: > + Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Invormation Disclosure via procstat Log + author: topscoder + severity: low + description: > + + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-backup/" + google-query: inurl:"/wp-content/plugins/everest-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.13') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af.yaml b/poc/cve/CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af.yaml new file mode 100644 index 0000000000..862d11d1f9 --- /dev/null +++ b/poc/cve/CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af.yaml 
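Review bot: `severity: low` here contradicts the CVE-2024-10028 template in this same patch, which rates the same Wordfence record (9b871957-…) `severity: high` with `cvss-score: 7.5`. Anyone filtering results by severity would see the unauthenticated backup-download issue de-prioritised whenever this copy fires. Align it with `severity: high` and `tags: cve,wordpress,wp-plugin,everest-backup,high`. The `name` also misspells the title as `Sensitive Invormation Disclosure` in both copies, which breaks text search on the finding title; it should read `Sensitive Information Disclosure`.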
@@ -0,0 +1,59 @@ +id: CVE-2024-10020-397e5cc97549d156277da4b33b2ec5af + +info: + name: > + Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass + author: topscoder + severity: critical + description: > + The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2024-10020 + metadata: + fofa-query: "wp-content/plugins/heateor-social-login/" + google-query: inurl:"/wp-content/plugins/heateor-social-login/" + shodan-query: 'vuln:CVE-2024-10020' + tags: cve,wordpress,wp-plugin,heateor-social-login,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/heateor-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "heateor-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.35') \ No newline at end of 
file diff --git a/poc/cve/CVE-2024-10028-df3e6beddae25a2d75eafa93f8243ba1.yaml b/poc/cve/CVE-2024-10028-df3e6beddae25a2d75eafa93f8243ba1.yaml new file mode 100644 index 0000000000..d37f7a21e6 --- /dev/null +++ b/poc/cve/CVE-2024-10028-df3e6beddae25a2d75eafa93f8243ba1.yaml 
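Review bot: `severity: critical` does not agree with `cvss-score: 8.1` in the CVE-2024-10020 template; on the CVSS v3.1 rating scale 8.1 is High, and the vector itself carries `AC:H`. The same label/score drift shows in other hunks of this patch: CVE-2024-10097 and CVE-2024-10114 (`critical` at 8.1), CVE-2024-10535 (`high` at 5.3), and the Contributor+/Author+ stored-XSS templates (`low` at 6.4). Scan results are commonly filtered by severity, so I would derive the label from the score, here `severity: high` with the trailing tag changed to `high`.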
@@ -0,0 +1,59 @@ +id: CVE-2024-10028-df3e6beddae25a2d75eafa93f8243ba1 + +info: + name: > + Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Invormation Disclosure via procstat Log + author: topscoder + severity: high + description: > + The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b871957-a2b3-492f-b461-7040d9098b2b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-10028 + metadata: + fofa-query: "wp-content/plugins/everest-backup/" + google-query: inurl:"/wp-content/plugins/everest-backup/" + shodan-query: 'vuln:CVE-2024-10028' + tags: cve,wordpress,wp-plugin,everest-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.13') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10084-861e5ee4c434bf307e7c7990c04e71c6.yaml b/poc/cve/CVE-2024-10084-861e5ee4c434bf307e7c7990c04e71c6.yaml new file mode 100644 index 0000000000..f4f89e58d4 --- /dev/null 
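Review bot: The only evidence this template collects is the `Stable tag` line of `readme.txt`, so a match means "version string in the affected range", not that the process-stats file named in the description is actually exposed. Three things weaken that signal, and they apply to every template in this patch because the `http` block is identical: the regex `([0-9.]+)` extracts nothing when the tag is not numeric, so such sites are silently skipped; the readme can be blocked or stale while the plugin is still installed; and `redirects: true` without `host-redirects: true` lets the version be read from whatever host the request is redirected to. I would add `host-redirects: true` under the request and a comment above `matchers` such as `# version-based detection only; confirm the installed version before acting`. The two `version` extractors are identical apart from `internal: true` and deserve a one-line comment saying that one is there for the DSL matcher and the other to report the value.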
+++ b/poc/cve/CVE-2024-10084-861e5ee4c434bf307e7c7990c04e71c6.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10084-861e5ee4c434bf307e7c7990c04e71c6 + +info: + name: > + Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-10084 + metadata: + fofa-query: "wp-content/plugins/contact-form-7-dynamic-text-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-dynamic-text-extension/" + shodan-query: 'vuln:CVE-2024-10084' + tags: cve,wordpress,wp-plugin,contact-form-7-dynamic-text-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-dynamic-text-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-dynamic-text-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10097.yaml b/poc/cve/CVE-2024-10097.yaml new file mode 100644 index 0000000000..822177765d --- /dev/null +++ b/poc/cve/CVE-2024-10097.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10097-66fdd14b5978d2ebbd6a9fee52d080ec + +info: + name: > + Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2024-10097 + metadata: + fofa-query: "wp-content/plugins/loginizer-security/" + google-query: inurl:"/wp-content/plugins/loginizer-security/" + shodan-query: 'vuln:CVE-2024-10097' + tags: cve,wordpress,wp-plugin,loginizer-security,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10114.yaml b/poc/cve/CVE-2024-10114.yaml new file mode 100644 index 0000000000..500b7b8b96 --- /dev/null 
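Review bot: The `description` covers two plugins ("Loginizer Security and Loginizer plugins"), but `path` and the `word` matcher only probe the `loginizer-security` directory. If the other plugin ships under its own directory, which the name suggests, sites running only that one are never checked and would show as clean. A second `path` entry of the form `{{BaseURL}}/wp-content/plugins/<other-plugin-slug>/readme.txt` (placeholder, slug to be confirmed) and a matching entry in `words` would close the gap. A comment listing which slugs the record covers would help the next maintainer too.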
+++ b/poc/cve/CVE-2024-10114.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10114-6564102a019f9d71ebb84293fc9159f1 + +info: + name: > + Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass + author: topscoder + severity: critical + description: > + The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71df23bf-8f51-4260-be1f-ed5bc29d4afe?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2024-10114 + metadata: + fofa-query: "wp-content/plugins/woo-social-login/" + google-query: inurl:"/wp-content/plugins/woo-social-login/" + shodan-query: 'vuln:CVE-2024-10114' + tags: cve,wordpress,wp-plugin,woo-social-login,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml b/poc/cve/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml new file mode 100644 index 0000000000..1804b1dbbb --- /dev/null +++ b/poc/cve/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4 + +info: + name: > + Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode + author: topscoder + severity: low + description: > + The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10168 + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:CVE-2024-10168' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - 
compare_versions(version, '<= 1.0.6.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10186-6c60081d3957ea0f1a2bee057a6e3646.yaml b/poc/cve/CVE-2024-10186-6c60081d3957ea0f1a2bee057a6e3646.yaml new file mode 100644 index 0000000000..8590ce930e --- /dev/null +++ b/poc/cve/CVE-2024-10186-6c60081d3957ea0f1a2bee057a6e3646.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10186-6c60081d3957ea0f1a2bee057a6e3646 + +info: + name: > + Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode + author: topscoder + severity: low + description: > + The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10186 + metadata: + fofa-query: "wp-content/plugins/event-post/" + google-query: inurl:"/wp-content/plugins/event-post/" + shodan-query: 'vuln:CVE-2024-10186' + tags: cve,wordpress,wp-plugin,event-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.6') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10263.yaml b/poc/cve/CVE-2024-10263.yaml new file mode 100644 index 0000000000..ff9f7327f4 --- /dev/null +++ b/poc/cve/CVE-2024-10263.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10263-5a599dd7d83925469bc803c5aabfa610 + +info: + name: > + Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: high + description: > + The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + cvss-score: 7.3 + cve-id: CVE-2024-10263 + metadata: + fofa-query: "wp-content/plugins/tickera-event-ticketing-system/" + google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/" + shodan-query: 'vuln:CVE-2024-10263' + tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tickera-event-ticketing-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tickera-event-ticketing-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10319.yaml b/poc/cve/CVE-2024-10319.yaml new file mode 100644 index 0000000000..09af388cd6 --- /dev/null +++ b/poc/cve/CVE-2024-10319.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10319-5c0b2e6241c7af29d146faf4b6581f3b + +info: + name: > + 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template + author: topscoder + severity: low + description: > + The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets/content-toggle/layout/frontend.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-10319 + metadata: + fofa-query: "wp-content/plugins/xpro-elementor-addons/" + google-query: inurl:"/wp-content/plugins/xpro-elementor-addons/" + shodan-query: 'vuln:CVE-2024-10319' + tags: cve,wordpress,wp-plugin,xpro-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xpro-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xpro-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10329.yaml b/poc/cve/CVE-2024-10329.yaml new file mode 100644 index 0000000000..11adb7a578 --- /dev/null +++ b/poc/cve/CVE-2024-10329.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10329-674336a2b18a0cf5dc2e5e17857d1636 + +info: + name: > + Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3af83ec2-9ebb-4cca-8523-8fe9b1517825?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-10329 + metadata: + fofa-query: "wp-content/plugins/ultimate-bootstrap-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/" + shodan-query: 'vuln:CVE-2024-10329' + tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-bootstrap-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10340.yaml b/poc/cve/CVE-2024-10340.yaml new file mode 100644 index 0000000000..c218a50fdb 
--- /dev/null +++ b/poc/cve/CVE-2024-10340.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10340-3b29e898b9b2950a86e6a8953edaf31a + +info: + name: > + Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a9d6c71-98ce-4fa7-817a-43e4f3dc0602?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10340 + metadata: + fofa-query: "wp-content/plugins/ultimate-shortcodes-creator/" + google-query: inurl:"/wp-content/plugins/ultimate-shortcodes-creator/" + shodan-query: 'vuln:CVE-2024-10340' + tags: cve,wordpress,wp-plugin,ultimate-shortcodes-creator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-shortcodes-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-shortcodes-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10482.yaml b/poc/cve/CVE-2024-10482.yaml new file mode 100644 index 0000000000..27b0429b14 --- /dev/null +++ b/poc/cve/CVE-2024-10482.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10482-845ce866c54cd77aff0707f285c1d085 + +info: + name: > + Media Library Tools <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO – Media Library Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/563f559e-528a-4d6b-98be-a3c2f45fee53?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10482 + metadata: + fofa-query: "wp-content/plugins/media-library-tools/" + google-query: inurl:"/wp-content/plugins/media-library-tools/" + shodan-query: 'vuln:CVE-2024-10482' + tags: cve,wordpress,wp-plugin,media-library-tools,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10535-b51eb8fc6cda61a894f8bb87a3120536.yaml b/poc/cve/CVE-2024-10535-b51eb8fc6cda61a894f8bb87a3120536.yaml new file mode 100644 index 0000000000..d9e682af1a --- /dev/null +++ b/poc/cve/CVE-2024-10535-b51eb8fc6cda61a894f8bb87a3120536.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10535-b51eb8fc6cda61a894f8bb87a3120536 + +info: + name: > + Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion + author: topscoder + severity: high + description: > + The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50259040-a984-42a8-8d58-cc94e349ca45?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 + cve-id: CVE-2024-10535 + metadata: + fofa-query: "wp-content/plugins/video-wc-gallery/" + google-query: inurl:"/wp-content/plugins/video-wc-gallery/" + shodan-query: 'vuln:CVE-2024-10535' + tags: cve,wordpress,wp-plugin,video-wc-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-wc-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-wc-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10543-e240462908e52198328b07cf1527032a.yaml b/poc/cve/CVE-2024-10543-e240462908e52198328b07cf1527032a.yaml new file mode 100644 index 0000000000..f20a4667de --- /dev/null +++ b/poc/cve/CVE-2024-10543-e240462908e52198328b07cf1527032a.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-10543-e240462908e52198328b07cf1527032a + +info: + name: > + Tumult Hype Animations <= 1.9.14 - Missing Authorization + author: topscoder + severity: low + description: > + The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7273526e-bb51-418f-9ac8-8832f2de1cd6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 + cve-id: CVE-2024-10543 + metadata: + fofa-query: "wp-content/plugins/tumult-hype-animations/" + google-query: inurl:"/wp-content/plugins/tumult-hype-animations/" + shodan-query: 'vuln:CVE-2024-10543' + tags: cve,wordpress,wp-plugin,tumult-hype-animations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tumult-hype-animations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tumult-hype-animations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.14') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml b/poc/cve/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml new file mode 100644 index 0000000000..f251e40ca0 --- /dev/null +++ b/poc/cve/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10647-f9db24370dab16c6bbf61c415c445725 + +info: + name: > + WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL + author: topscoder + severity: medium + description: > + The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cab527f-bd67-4b67-8133-f085098d63dc?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-10647 + metadata: + fofa-query: "wp-content/plugins/ws-form/" + google-query: inurl:"/wp-content/plugins/ws-form/" + shodan-query: 'vuln:CVE-2024-10647' + tags: cve,wordpress,wp-plugin,ws-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.244') \ No newline at end of file diff --git a/poc/cve/CVE-2024-10687.yaml b/poc/cve/CVE-2024-10687.yaml new file mode 100644 index 0000000000..1f8750bd60 --- /dev/null +++ b/poc/cve/CVE-2024-10687.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10687-d9989207d8a257bce53d182b8cda1c6d + +info: + name: > + Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection + author: topscoder + severity: critical + description: > + The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-10687 + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:CVE-2024-10687' + tags: cve,wordpress,wp-plugin,contest-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 24.0.3') 
\ No newline at end of file diff --git a/poc/cve/CVE-2024-10711.yaml b/poc/cve/CVE-2024-10711.yaml new file mode 100644 index 0000000000..f88c88dfc1 --- /dev/null +++ b/poc/cve/CVE-2024-10711.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-10711-67db13badffeeb4f5ca81cc9213c6c29 + +info: + name: > + WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update + author: topscoder + severity: medium + description: > + The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1d21339-3a86-4bee-be86-2d2ab9190b26?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-10711 + metadata: + fofa-query: "wp-content/plugins/ithemelandco-woo-report/" + google-query: inurl:"/wp-content/plugins/ithemelandco-woo-report/" + shodan-query: 'vuln:CVE-2024-10711' + tags: cve,wordpress,wp-plugin,ithemelandco-woo-report,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ithemelandco-woo-report/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ithemelandco-woo-report" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file 
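Review bot: `severity: medium` and the trailing `medium` tag disagree with `cvss-score: 8.8` in the same `info` block, which is High on the CVSS v3.1 scale, so a scan filtered or sorted by severity ranks this finding below its own score. If severity is meant to follow CVSS, the two lines would read `severity: high` and `tags: cve,wordpress,wp-plugin,ithemelandco-woo-report,high`. The gap is wider in CVE-2024-8614 and CVE-2024-9307 (`cvss-score: 9.9` with `severity: low`) and also shows in CVE-2024-9990 (8.8, medium), CVE-2024-9946 (8.1, critical) and CVE-2024-6626 (5.3, high). The labels look like the output of a generator rule rather than of the score; if that is intended, a comment stating the rule would keep triage from trusting the wrong field.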
diff --git a/poc/cve/CVE-2024-10715-ba1e405f986ec1f9d399b6eb9a27584a.yaml b/poc/cve/CVE-2024-10715-ba1e405f986ec1f9d399b6eb9a27584a.yaml
new file mode 100644
index 0000000000..3e8817c5af
--- /dev/null
+++ b/poc/cve/CVE-2024-10715-ba1e405f986ec1f9d399b6eb9a27584a.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-10715-ba1e405f986ec1f9d399b6eb9a27584a + +info: + name: > + MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block + author: topscoder + severity: low + description: > + The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d966924-aeab-4397-9555-78291af70efe?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10715 + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:CVE-2024-10715' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.94.1') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-6626-f9bef46915a3a330a207c0a775a0bb79.yaml b/poc/cve/CVE-2024-6626-f9bef46915a3a330a207c0a775a0bb79.yaml
new file mode 100644
index 0000000000..487ddc9676
--- /dev/null
+++ b/poc/cve/CVE-2024-6626-f9bef46915a3a330a207c0a775a0bb79.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-6626-f9bef46915a3a330a207c0a775a0bb79 + +info: + name: > + EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization + author: topscoder + severity: high + description: > + The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eccea504-b8b9-46d3-b9fd-ae893528e521?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2024-6626 + metadata: + fofa-query: "wp-content/plugins/all-contact-form-integration-for-elementor/" + google-query: inurl:"/wp-content/plugins/all-contact-form-integration-for-elementor/" + shodan-query: 'vuln:CVE-2024-6626' + tags: cve,wordpress,wp-plugin,all-contact-form-integration-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-contact-form-integration-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-contact-form-integration-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9.9') \ No newline at end of file diff --git a/poc/cve/CVE-2024-7429.yaml b/poc/cve/CVE-2024-7429.yaml new file mode 100644 index 0000000000..de72463c9f --- /dev/null +++ b/poc/cve/CVE-2024-7429.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-7429-6f110eb5eb2276cd5a0fa1741f06f1ba + +info: + name: > + Zotpress <= 7.3.12 - Missing Authorization + author: topscoder + severity: low + description: > + The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and including, 7.3.12. This makes it possible for authenticated attackers, with Contributor-level access and above, to reset the plugin's settings. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f38676b-270f-4b0f-bc98-a14a26b86a50?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-7429 + metadata: + fofa-query: "wp-content/plugins/zotpress/" + google-query: inurl:"/wp-content/plugins/zotpress/" + shodan-query: 'vuln:CVE-2024-7429' + tags: cve,wordpress,wp-plugin,zotpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.12') \ No newline at end of file diff --git a/poc/cve/CVE-2024-8323-4ed9338d4016d43f068c4fcd74a023c5.yaml b/poc/cve/CVE-2024-8323-4ed9338d4016d43f068c4fcd74a023c5.yaml new file mode 100644 index 0000000000..152b607f49 --- /dev/null +++ b/poc/cve/CVE-2024-8323-4ed9338d4016d43f068c4fcd74a023c5.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-8323-4ed9338d4016d43f068c4fcd74a023c5 + +info: + name: > + Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute + author: topscoder + severity: low + description: > + The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fb1fd3-16aa-467f-b5f6-a6126b05e088?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-8323 + metadata: + fofa-query: "wp-content/plugins/easy-pricing-tables/" + google-query: inurl:"/wp-content/plugins/easy-pricing-tables/" + shodan-query: 'vuln:CVE-2024-8323' + tags: cve,wordpress,wp-plugin,easy-pricing-tables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-8614-bba78351631009c8b9f8ed8085ea49bd.yaml b/poc/cve/CVE-2024-8614-bba78351631009c8b9f8ed8085ea49bd.yaml new file mode 100644 index 0000000000..119d2960ea --- /dev/null +++ b/poc/cve/CVE-2024-8614-bba78351631009c8b9f8ed8085ea49bd.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-8614-bba78351631009c8b9f8ed8085ea49bd + +info: + name: > + WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 + cve-id: CVE-2024-8614 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-8614' + tags: cve,wordpress,wp-plugin,wp-jobsearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-8615-bdd0f38bd4eb685ae0f9168bc6274ee8.yaml b/poc/cve/CVE-2024-8615-bdd0f38bd4eb685ae0f9168bc6274ee8.yaml new file mode 100644 index 0000000000..8ba2df4e55 --- /dev/null +++ b/poc/cve/CVE-2024-8615-bdd0f38bd4eb685ae0f9168bc6274ee8.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-8615-bdd0f38bd4eb685ae0f9168bc6274ee8 + +info: + name: > + WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: critical + description: > + The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-8615 + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:CVE-2024-8615' + tags: cve,wordpress,wp-plugin,wp-jobsearch,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9178.yaml b/poc/cve/CVE-2024-9178.yaml new file mode 100644 index 0000000000..8b63f06cf4 --- /dev/null +++ b/poc/cve/CVE-2024-9178.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9178-a7fff85e8c000868e1e7370c1df60d15 + +info: + name: > + XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/921be7ff-3d38-4b69-8a1f-a64d5aabd2dd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9178 + metadata: + fofa-query: "wp-content/plugins/woo-floating-cart-lite/" + google-query: inurl:"/wp-content/plugins/woo-floating-cart-lite/" + shodan-query: 'vuln:CVE-2024-9178' + tags: cve,wordpress,wp-plugin,woo-floating-cart-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-floating-cart-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-floating-cart-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9307-f97e0d22f048961712c6b4369a193dce.yaml b/poc/cve/CVE-2024-9307-f97e0d22f048961712c6b4369a193dce.yaml
new file mode 100644
index 0000000000..d3f934dfd8
--- /dev/null
+++ b/poc/cve/CVE-2024-9307-f97e0d22f048961712c6b4369a193dce.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9307-f97e0d22f048961712c6b4369a193dce + +info: + name: > + mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files + author: topscoder + severity: low + description: > + The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run the .exe file, or trick a site visitor into downloading and running the .exe file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b4012dd-7c0a-45f1-8ada-8f9dc6867e1e?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 + cve-id: CVE-2024-9307 + metadata: + fofa-query: "wp-content/plugins/mfolio-lite/" + google-query: inurl:"/wp-content/plugins/mfolio-lite/" + shodan-query: 'vuln:CVE-2024-9307' + tags: cve,wordpress,wp-plugin,mfolio-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mfolio-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mfolio-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9443.yaml b/poc/cve/CVE-2024-9443.yaml new file mode 100644 index 0000000000..a428c8eb8a --- /dev/null +++ b/poc/cve/CVE-2024-9443.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-9443-8a1b073b17522dd981e6fee1d9c12cf9 + +info: + name: > + Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload + author: topscoder + severity: low + description: > + The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dd3dc4b-e936-46a4-8d65-5f4bf05b2374?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-9443 + metadata: + fofa-query: "wp-content/plugins/basticom-framework/" + google-query: inurl:"/wp-content/plugins/basticom-framework/" + shodan-query: 'vuln:CVE-2024-9443' + tags: cve,wordpress,wp-plugin,basticom-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/basticom-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "basticom-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9657.yaml b/poc/cve/CVE-2024-9657.yaml
new file mode 100644
index 0000000000..da58f4bd9f
--- /dev/null
+++ b/poc/cve/CVE-2024-9657.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9657-dd8407e47fb5333a5395e7c73b8d6f4f + +info: + name: > + Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67eb77e9-7e0b-4134-9cb6-30ba78f6a686?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2024-9657 + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:CVE-2024-9657' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.10.2') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9667.yaml b/poc/cve/CVE-2024-9667.yaml
new file mode 100644
index 0000000000..ace2478591
--- /dev/null
+++ b/poc/cve/CVE-2024-9667.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9667-a1addcc71f016a7e0b8f16b6095d9d7c + +info: + name: > + Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter + author: topscoder + severity: medium + description: > + The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4232656-2e97-4888-8dde-14039d8c2f9d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-9667 + metadata: + fofa-query: "wp-content/plugins/seriously-simple-podcasting/" + google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/" + shodan-query: 'vuln:CVE-2024-9667' + tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9867.yaml b/poc/cve/CVE-2024-9867.yaml new file mode 100644 index 0000000000..fd69ed35fb --- /dev/null 
+++ b/poc/cve/CVE-2024-9867.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9867-28418454e7529e38f715c32d4d7e771c + +info: + name: > + Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+ Stored Cross-Site Scripting via Open Map Widget + author: topscoder + severity: low + description: > + The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget' marker_content parameter in all versions up to, and including, 5.10.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cca2bd96-ac3c-480c-8fe7-fb5227a093ae?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2024-9867 + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:CVE-2024-9867' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 
5.10.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9878.yaml b/poc/cve/CVE-2024-9878.yaml new file mode 100644 index 0000000000..dfa354d5f3 --- /dev/null +++ b/poc/cve/CVE-2024-9878.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-9878-24180a128592e4c279c5c3ae1fe81645 + +info: + name: > + Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa1192b-34f5-4b71-8fff-14f2d4ac4aca?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N + cvss-score: 4.4 + cve-id: CVE-2024-9878 + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:CVE-2024-9878' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.30') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-9946-d4a8825baaf2cfd00d266023da36083a.yaml b/poc/cve/CVE-2024-9946-d4a8825baaf2cfd00d266023da36083a.yaml
new file mode 100644
index 0000000000..42026d47d8
--- /dev/null
+++ b/poc/cve/CVE-2024-9946-d4a8825baaf2cfd00d266023da36083a.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-9946-d4a8825baaf2cfd00d266023da36083a + +info: + name: > + Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass + author: topscoder + severity: critical + description: > + The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68. 
+ reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c394b8b6-b7f6-4ba7-8a2b-98160cc286a8?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 + cve-id: CVE-2024-9946 + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:CVE-2024-9946' + tags: cve,wordpress,wp-plugin,super-socializer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.13.68') \ No newline at end of file diff --git a/poc/cve/CVE-2024-9990-7618e8dcf5a44c49180add784d278f41.yaml b/poc/cve/CVE-2024-9990-7618e8dcf5a44c49180add784d278f41.yaml new file mode 100644 index 0000000000..e97f461467 --- /dev/null +++ b/poc/cve/CVE-2024-9990-7618e8dcf5a44c49180add784d278f41.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-9990-7618e8dcf5a44c49180add784d278f41
+
+info:
+ name: >
+ Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
+ author: topscoder
+ severity: medium
+ description: >
+ The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cea39157-94aa-4982-983e-9c3e4b1af86d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-9990
+ metadata:
+ fofa-query: "wp-content/plugins/crypto/"
+ google-query: inurl:"/wp-content/plugins/crypto/"
+ shodan-query: 'vuln:CVE-2024-9990'
+ tags: cve,wordpress,wp-plugin,crypto,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/crypto/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "crypto"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.15')
\ No newline at end of file
diff --git a/poc/google/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml b/poc/google/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml
new file mode 100644
index 0000000000..7f8a7040f7
--- /dev/null
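Review bot: The only evidence this template collects is the `Stable tag` value in `readme.txt`, so a hit means the advertised version is in the affected range, not that the missing nonce check in `crypto_connect_ajax_process::check` is actually reachable on the site. A readme that is blocked, removed, or carries `Stable tag: trunk` never matches `([0-9.]+)`, so the `dsl` matcher has no `version` to compare and the template stays silent, which reads as "not affected". I would state that limit at the top of the file, for example `# Version-only check based on readme.txt; confirm the installed plugin version before acting on a hit or a miss`. Every WordPress template in this patch uses the same request, extractors and matchers, so the comment applies to all of them.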
+++ b/poc/google/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml
@@ -0,0 +1,59 @@
+id: mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2
+
+info:
+ name: >
+ MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d966924-aeab-4397-9555-78291af70efe?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
+ google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mappress-google-maps-for-wordpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.94.1')
\ No newline at end of file
diff --git a/poc/other/all-contact-form-integration-for-elementor-c024b871ad471c95d80fa5f7bca0464c.yaml b/poc/other/all-contact-form-integration-for-elementor-c024b871ad471c95d80fa5f7bca0464c.yaml
new file mode 100644
index 0000000000..2a8a4c6f56
--- /dev/null
+++ b/poc/other/all-contact-form-integration-for-elementor-c024b871ad471c95d80fa5f7bca0464c.yaml
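Review bot: The `info` block is left half-filled: `description: >` has no text, `cvss-metrics:`, `cvss-score:` and `cve-id:` are empty, and `shodan-query: 'vuln:'` has no identifier after the colon, while `tags:` still begins with `cve`. Anyone filtering results on the `cve` tag or on `cve-id` gets an entry with no CVE behind it, and the empty score leaves nothing to check `severity: low` against. Either fill these fields from the Wordfence record listed under `reference`, or drop the empty keys and the `cve` tag until an identifier exists. The same skeleton is repeated in the other slug-named templates in this patch, from all-contact-form-integration-for-elementor through contact-form-7-dynamic-text-extension.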
@@ -0,0 +1,59 @@
+id: all-contact-form-integration-for-elementor-c024b871ad471c95d80fa5f7bca0464c
+
+info:
+ name: >
+ EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/eccea504-b8b9-46d3-b9fd-ae893528e521?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/all-contact-form-integration-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/all-contact-form-integration-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,all-contact-form-integration-for-elementor,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/all-contact-form-integration-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "all-contact-form-integration-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.9.9')
\ No newline at end of file
diff --git a/poc/other/basticom-framework.yaml b/poc/other/basticom-framework.yaml
new file mode 100644
index 0000000000..9eac5014e5
--- /dev/null
+++ b/poc/other/basticom-framework.yaml
@@ -0,0 +1,59 @@
+id: basticom-framework-097ce8a46bb24be5e834be4251b8f593
+
+info:
+ name: >
+ Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dd3dc4b-e936-46a4-8d65-5f4bf05b2374?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/basticom-framework/"
+ google-query: inurl:"/wp-content/plugins/basticom-framework/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,basticom-framework,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/basticom-framework/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "basticom-framework"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5.0')
\ No newline at end of file
diff --git a/poc/other/easy-pricing-tables-fab475ecd98714101dcd7cbc582e3f43.yaml b/poc/other/easy-pricing-tables-fab475ecd98714101dcd7cbc582e3f43.yaml
new file mode 100644
index 0000000000..a7df68b324
--- /dev/null
+++ b/poc/other/easy-pricing-tables-fab475ecd98714101dcd7cbc582e3f43.yaml
@@ -0,0 +1,59 @@
+id: easy-pricing-tables-fab475ecd98714101dcd7cbc582e3f43
+
+info:
+ name: >
+ Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fb1fd3-16aa-467f-b5f6-a6126b05e088?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/easy-pricing-tables/"
+ google-query: inurl:"/wp-content/plugins/easy-pricing-tables/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,easy-pricing-tables,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/easy-pricing-tables/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "easy-pricing-tables"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.6')
\ No newline at end of file
diff --git a/poc/other/event-post-12a19d0523d91d302e58f735caa56444.yaml b/poc/other/event-post-12a19d0523d91d302e58f735caa56444.yaml
new file mode 100644
index 0000000000..fecc161b5d
--- /dev/null
+++ b/poc/other/event-post-12a19d0523d91d302e58f735caa56444.yaml
@@ -0,0 +1,59 @@
+id: event-post-12a19d0523d91d302e58f735caa56444
+
+info:
+ name: >
+ Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae1c32-18a7-4109-a7ea-dfd18fa3a8e2?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/event-post/"
+ google-query: inurl:"/wp-content/plugins/event-post/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,event-post,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/event-post/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "event-post"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.9.6')
\ No newline at end of file
diff --git a/poc/other/media-library-tools.yaml b/poc/other/media-library-tools.yaml
new file mode 100644
index 0000000000..0a1011c510
--- /dev/null
+++ b/poc/other/media-library-tools.yaml
@@ -0,0 +1,59 @@
+id: media-library-tools-5ae8fca1229228fabe2ecc861184d642
+
+info:
+ name: >
+ Media Library Tools <= 1.4.0 - Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/563f559e-528a-4d6b-98be-a3c2f45fee53?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/media-library-tools/"
+ google-query: inurl:"/wp-content/plugins/media-library-tools/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,media-library-tools,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/media-library-tools/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "media-library-tools"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/other/mfolio-lite-d859e177ea1a9c5a736a9d6f6e67bfac.yaml b/poc/other/mfolio-lite-d859e177ea1a9c5a736a9d6f6e67bfac.yaml
new file mode 100644
index 0000000000..0a7544830f
--- /dev/null
+++ b/poc/other/mfolio-lite-d859e177ea1a9c5a736a9d6f6e67bfac.yaml
@@ -0,0 +1,59 @@
+id: mfolio-lite-d859e177ea1a9c5a736a9d6f6e67bfac
+
+info:
+ name: >
+ mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b4012dd-7c0a-45f1-8ada-8f9dc6867e1e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mfolio-lite/"
+ google-query: inurl:"/wp-content/plugins/mfolio-lite/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mfolio-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mfolio-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mfolio-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.1')
\ No newline at end of file
diff --git a/poc/other/nuclei-flow-dns-id.yaml b/poc/other/nuclei-flow-dns-id.yaml
new file mode 100644
index 0000000000..8b5987e305
--- /dev/null
+++ b/poc/other/nuclei-flow-dns-id.yaml
@@ -0,0 +1,41 @@
+id: nuclei-flow-dns
+
+info:
+ name: Nuclei flow dns
+ author: pdteam
+ severity: info
+ description: Description of the Template
+ reference: https://example-reference-link
+
+flow: |
+ dns(1);
+ template["nameservers"].forEach(nameserver => {
+ set("nameserver",nameserver);
+ dns("probe-ns");
+ });
+
+dns:
+ - name: "{{FQDN}}"
+ type: NS
+ matchers:
+ - type: word
+ words:
+ - "IN\tNS"
+ extractors:
+ - type: regex
+ internal: true
+ name: "nameservers"
+ group: 1
+ regex:
+ - "IN\tNS\t(.+)"
+
+ - id: "probe-ns"
+ name: "{{nameserver}}"
+ type: A
+ class: inet
+ retries: 3
+ recursion: true
+ extractors:
+ - type: dsl
+ dsl:
+ - "a"
\ No newline at end of file
diff --git a/poc/other/tumult-hype-animations-a40e28814c5b2b5736baca4a102e409e.yaml b/poc/other/tumult-hype-animations-a40e28814c5b2b5736baca4a102e409e.yaml
new file mode 100644
index 0000000000..63fc51a5e9
--- /dev/null
+++ b/poc/other/tumult-hype-animations-a40e28814c5b2b5736baca4a102e409e.yaml
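Review bot: `description: Description of the Template` and `reference: https://example-reference-link` are placeholder values, so this file reads as a documentation sample rather than a check, yet it is filed under `poc/other/` next to the vulnerability templates. Replace them with what the requests actually do, for example `description: Resolves the NS records of the target, then the A record of each name server returned.`, and drop the `reference` key if no real link exists. In the `flow` script, `template["nameservers"].forEach(...)` assumes the first `dns(1)` step extracted at least one value; what the variable holds when nothing matches is not visible here, so iterating through nuclei's `iterate()` flow helper, `for (let nameserver of iterate(template["nameservers"]))`, would be the safer form.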
@@ -0,0 +1,59 @@
+id: tumult-hype-animations-a40e28814c5b2b5736baca4a102e409e
+
+info:
+ name: >
+ Tumult Hype Animations <= 1.9.14 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7273526e-bb51-418f-9ac8-8832f2de1cd6?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/tumult-hype-animations/"
+ google-query: inurl:"/wp-content/plugins/tumult-hype-animations/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,tumult-hype-animations,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/tumult-hype-animations/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "tumult-hype-animations"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.14')
\ No newline at end of file
diff --git a/poc/other/ultimate-shortcodes-creator.yaml b/poc/other/ultimate-shortcodes-creator.yaml
new file mode 100644
index 0000000000..b61c3e3b81
--- /dev/null
+++ b/poc/other/ultimate-shortcodes-creator.yaml
@@ -0,0 +1,59 @@
+id: ultimate-shortcodes-creator-7cb016b2f164bd8fa0e7c99a22d1b00c
+
+info:
+ name: >
+ Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a9d6c71-98ce-4fa7-817a-43e4f3dc0602?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-shortcodes-creator/"
+ google-query: inurl:"/wp-content/plugins/ultimate-shortcodes-creator/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ultimate-shortcodes-creator,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-shortcodes-creator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-shortcodes-creator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.3')
\ No newline at end of file
diff --git a/poc/other/video-wc-gallery-029c350c02002469cde9b83d6fd37ee6.yaml b/poc/other/video-wc-gallery-029c350c02002469cde9b83d6fd37ee6.yaml
new file mode 100644
index 0000000000..1371d1ba3b
--- /dev/null
+++ b/poc/other/video-wc-gallery-029c350c02002469cde9b83d6fd37ee6.yaml
@@ -0,0 +1,59 @@
+id: video-wc-gallery-029c350c02002469cde9b83d6fd37ee6
+
+info:
+ name: >
+ Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/50259040-a984-42a8-8d58-cc94e349ca45?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/video-wc-gallery/"
+ google-query: inurl:"/wp-content/plugins/video-wc-gallery/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,video-wc-gallery,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/video-wc-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "video-wc-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.31')
\ No newline at end of file
diff --git a/poc/other/ws-form-856910179a627c14492979cf129b6c0a.yaml b/poc/other/ws-form-856910179a627c14492979cf129b6c0a.yaml
new file mode 100644
index 0000000000..1f2cb7bd41
--- /dev/null
+++ b/poc/other/ws-form-856910179a627c14492979cf129b6c0a.yaml
@@ -0,0 +1,59 @@
+id: ws-form-856910179a627c14492979cf129b6c0a
+
+info:
+ name: >
+ WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cab527f-bd67-4b67-8133-f085098d63dc?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ws-form/"
+ google-query: inurl:"/wp-content/plugins/ws-form/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ws-form,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ws-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.244')
\ No newline at end of file
diff --git a/poc/remote_code_execution/profit-products-tables-for-woocommerce-48c7496a59f1b46c410766acb760066a.yaml b/poc/remote_code_execution/profit-products-tables-for-woocommerce-48c7496a59f1b46c410766acb760066a.yaml
new file mode 100644
index 0000000000..4975f11c0a
--- /dev/null
+++ b/poc/remote_code_execution/profit-products-tables-for-woocommerce-48c7496a59f1b46c410766acb760066a.yaml
@@ -0,0 +1,59 @@
+id: profit-products-tables-for-woocommerce-48c7496a59f1b46c410766acb760066a
+
+info:
+ name: >
+ Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "profit-products-tables-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.6.4')
\ No newline at end of file
diff --git a/poc/search/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml b/poc/search/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml
new file mode 100644
index 0000000000..4eceefacbf
--- /dev/null
+++ b/poc/search/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml
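Review bot: This template is filed under `poc/remote_code_execution/`, but its `name` describes Authenticated (Contributor+) Stored Cross-Site Scripting via the `woot_button` shortcode, so the directory overstates the impact. It also points at the same Wordfence record (`4a13b13e-72d3-43c9-b5ec-d499f3b22091`) and the same `<= 1.0.6.4` bound as `poc/sql/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml` later in the patch, which sits under `sql` although it is likewise an XSS entry. One target will therefore produce two findings for one issue, under two unrelated categories. Keep the CVE-keyed file, which has the description and CVSS vector filled in, and place it in a directory that matches the vulnerability class; the ws-form and super-socializer slug templates duplicate CVE-2024-10647 and CVE-2024-9946 in the same way.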
@@ -0,0 +1,59 @@
+id: wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f
+
+info:
+ name: >
+ WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-jobsearch/"
+ google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-jobsearch,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-jobsearch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.7')
\ No newline at end of file
diff --git a/poc/search/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml b/poc/search/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml
new file mode 100644
index 0000000000..dfd3d8e326
--- /dev/null
+++ b/poc/search/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml
@@ -0,0 +1,59 @@
+id: wp-jobsearch-879f053d3d5e68742fb10961828f18bd
+
+info:
+ name: >
+ WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-jobsearch/"
+ google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-jobsearch,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-jobsearch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.7')
\ No newline at end of file
diff --git a/poc/social/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml b/poc/social/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml
new file mode 100644
index 0000000000..b0531e5417
--- /dev/null
+++ b/poc/social/heateor-social-login-323326633e68646fd78ad5035af9e4d0.yaml
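Review bot: This file and `wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml` send the same request and apply the same `compare_versions(version, '<= 2.6.7')` bound, so any site that matches one matches both, and the two findings differ only in `name` and `severity`. `severity: low` for an arbitrary file upload reachable from a Subscriber account looks understated, though the empty `cvss-score:` leaves nothing on the page to confirm that against. I would fill the classification block from the Wordfence record listed under `reference` and derive the severity from that score, so that triage does not discard this finding next to its `critical` twin.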
@@ -0,0 +1,59 @@
+id: heateor-social-login-323326633e68646fd78ad5035af9e4d0
+
+info:
+ name: >
+ Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1d212b-75fe-4285-9c22-62b040e5a36c?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/heateor-social-login/"
+ google-query: inurl:"/wp-content/plugins/heateor-social-login/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,heateor-social-login,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/heateor-social-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "heateor-social-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.35')
\ No newline at end of file
diff --git a/poc/social/super-socializer-cde74c5a0c4bf7a055439768691fa7e9.yaml b/poc/social/super-socializer-cde74c5a0c4bf7a055439768691fa7e9.yaml
new file mode 100644
index 0000000000..ae9ba2a0f7
--- /dev/null
+++ b/poc/social/super-socializer-cde74c5a0c4bf7a055439768691fa7e9.yaml
@@ -0,0 +1,59 @@
+id: super-socializer-cde74c5a0c4bf7a055439768691fa7e9
+
+info:
+ name: >
+ Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c394b8b6-b7f6-4ba7-8a2b-98160cc286a8?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/super-socializer/"
+ google-query: inurl:"/wp-content/plugins/super-socializer/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,super-socializer,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "super-socializer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 7.13.68')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml b/poc/sql/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml
new file mode 100644
index 0000000000..1804b1dbbb
--- /dev/null
+++ b/poc/sql/CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4.yaml
@@ -0,0 +1,59 @@ +id: CVE-2024-10168-5dd2e3f11455bb460d8442499d307db4 + +info: + name: > + Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode + author: topscoder + severity: low + description: > + The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13b13e-72d3-43c9-b5ec-d499f3b22091?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-10168 + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:CVE-2024-10168' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - 
compare_versions(version, '<= 1.0.6.4') \ No newline at end of file diff --git a/poc/sql/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml b/poc/sql/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml new file mode 100644 index 0000000000..f251e40ca0 --- /dev/null +++ b/poc/sql/CVE-2024-10647-f9db24370dab16c6bbf61c415c445725.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-10647-f9db24370dab16c6bbf61c415c445725
+
+info:
+ name: >
+ WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL
+ author: topscoder
+ severity: medium
+ description: >
+ The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cab527f-bd67-4b67-8133-f085098d63dc?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-10647
+ metadata:
+ fofa-query: "wp-content/plugins/ws-form/"
+ google-query: inurl:"/wp-content/plugins/ws-form/"
+ shodan-query: 'vuln:CVE-2024-10647'
+ tags: cve,wordpress,wp-plugin,ws-form,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ws-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9.244')
\ No newline at end of file
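Review bot: The CVE-2024-10647 template is created under `poc/sql/`, but its name and description describe reflected cross-site scripting, and its `tags` line names no vulnerability class at all. Anyone selecting templates by directory or tag to cover XSS would miss it, and a run scoped to SQL injection would include it. I would move the file to the repository's XSS directory, if it has one (not visible here), and extend the tags to `tags: cve,wordpress,wp-plugin,ws-form,medium,xss`. The contact-form-7-dynamic-text-extension template, an information-disclosure check, is also filed under `poc/sql/`.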
diff --git a/poc/sql/contact-form-7-dynamic-text-extension-19c0a0b29d21408f77a2c0691f216dbb.yaml b/poc/sql/contact-form-7-dynamic-text-extension-19c0a0b29d21408f77a2c0691f216dbb.yaml
new file mode 100644
index 0000000000..0ad4e2f5a1
--- /dev/null
+++ b/poc/sql/contact-form-7-dynamic-text-extension-19c0a0b29d21408f77a2c0691f216dbb.yaml
@@ -0,0 +1,59 @@
+id: contact-form-7-dynamic-text-extension-19c0a0b29d21408f77a2c0691f216dbb
+
+info:
+ name: >
+ Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e051a83e-ad5a-4789-bfee-e03aa9d6a3fc?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/contact-form-7-dynamic-text-extension/"
+ google-query: inurl:"/wp-content/plugins/contact-form-7-dynamic-text-extension/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,contact-form-7-dynamic-text-extension,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-7-dynamic-text-extension/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-form-7-dynamic-text-extension"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.5')
\ No newline at end of file
diff --git a/poc/wordpress/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml b/poc/wordpress/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml
new file mode 100644
index 0000000000..7f8a7040f7
--- /dev/null
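Review bot: The contact-form-7-dynamic-text-extension template ships with an empty `description`, empty `cvss-metrics`, `cvss-score` and `cve-id` keys, and a `shodan-query: 'vuln:'` with no identifier after the prefix, while still carrying the `cve` tag. A result from it gives an analyst nothing to triage on except the Wordfence link, and tag-based selection will treat it as a CVE check. I would drop the empty keys and the `shodan-query` line, remove `cve` from `tags`, and fill `description` from the referenced advisory. The mappress-google-maps-for-wordpress template and both wp-jobsearch templates have the same empty fields.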
+++ b/poc/wordpress/mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2.yaml
@@ -0,0 +1,59 @@
+id: mappress-google-maps-for-wordpress-b25abd0d3654b1f737abc8339b1e67c2
+
+info:
+ name: >
+ MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d966924-aeab-4397-9555-78291af70efe?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/"
+ google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mappress-google-maps-for-wordpress"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.94.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml b/poc/wordpress/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml
new file mode 100644
index 0000000000..4eceefacbf
--- /dev/null
+++ b/poc/wordpress/wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f.yaml
@@ -0,0 +1,59 @@
+id: wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f
+
+info:
+ name: >
+ WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd718d44-4921-4deb-af5a-43e5f3926914?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-jobsearch/"
+ google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-jobsearch,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-jobsearch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.7')
\ No newline at end of file
diff --git a/poc/wordpress/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml b/poc/wordpress/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml
new file mode 100644
index 0000000000..dfd3d8e326
--- /dev/null
+++ b/poc/wordpress/wp-jobsearch-879f053d3d5e68742fb10961828f18bd.yaml
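Review bot: The wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f template reports `severity: critical` on the strength of a `Stable tag` value read from `readme.txt` alone; nothing in its single GET request touches the upload functionality. The result is therefore an inference from a version string, which can be stale or absent. The `([0-9.]+)` pattern also captures nothing when the readme carries a non-numeric value such as `Stable tag: trunk`, so a miss is not evidence of a patched site. I would say so in the template with a comment above `http:`, for example `# Version inference from readme.txt only; confirm the installed plugin version before treating a match as critical`.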
@@ -0,0 +1,59 @@
+id: wp-jobsearch-879f053d3d5e68742fb10961828f18bd
+
+info:
+ name: >
+ WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7832f8fe-2b41-4cfb-a734-db4ec88d91a3?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-jobsearch/"
+ google-query: inurl:"/wp-content/plugins/wp-jobsearch/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-jobsearch,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-jobsearch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.6.7')
\ No newline at end of file
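Review bot: The `http:` block of wp-jobsearch-879f053d3d5e68742fb10961828f18bd is identical to that of wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f: same `readme.txt` path, same extractors, same `compare_versions(version, '<= 2.6.7')`. Every host that matches one matches the other, so a scan reports two findings from a single piece of evidence, one `critical` and one `low`. If the two advisories are to stay separate, a comment in each naming its sibling would help triage, e.g. `# Same version check as wp-jobsearch-03a6d4009d3c764773bb4fad50720c2f (unauthenticated upload)`. Otherwise one template listing both Wordfence references would avoid the duplicate result.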