-
Notifications
You must be signed in to change notification settings - Fork 272
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8b2291e
commit 1c786a8
Showing
149 changed files
with
7,932 additions
and
354 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20240819 | ||
20240820 |
59 changes: 59 additions & 0 deletions
59
poc/backup/snapshot-backup-518ee5abfc5c619140ace18f02fca8ee.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: snapshot-backup-518ee5abfc5c619140ace18f02fca8ee | ||
|
||
info: | ||
name: > | ||
Snapshot Backup <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting | ||
author: topscoder | ||
severity: medium | ||
description: > | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b467fc26-242f-47c4-bcfd-38980489a0c3?source=api-scan | ||
classification: | ||
cvss-metrics: | ||
cvss-score: | ||
cve-id: | ||
metadata: | ||
fofa-query: "wp-content/plugins/snapshot-backup/" | ||
google-query: inurl:"/wp-content/plugins/snapshot-backup/" | ||
shodan-query: 'vuln:' | ||
tags: cve,wordpress,wp-plugin,snapshot-backup,medium | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/snapshot-backup/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "snapshot-backup" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.1.1') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2022-1206-bbfcec5a838b2b14e78ed6986ba9a4ca.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2022-1206-bbfcec5a838b2b14e78ed6986ba9a4ca | ||
|
||
info: | ||
name: > | ||
AdRotate – Ad manager & AdSense Ads <= 5.13.2 - Authenticated (Admin+) Double Extension Arbitrary File Upload | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The AdRotate Banner Manager – The only ad manager you'll need plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension sanitization in the adrotate_insert_media() function in all versions up to, and including, 5.13.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9f92219a-e07e-422d-a9f2-dbe4fbcd5f55?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | ||
cvss-score: 7.2 | ||
cve-id: CVE-2022-1206 | ||
metadata: | ||
fofa-query: "wp-content/plugins/adrotate/" | ||
google-query: inurl:"/wp-content/plugins/adrotate/" | ||
shodan-query: 'vuln:CVE-2022-1206' | ||
tags: cve,wordpress,wp-plugin,adrotate,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "adrotate" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 5.13.2') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-43210-c00b158f348148a948ad30200894c026.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-43210-c00b158f348148a948ad30200894c026 | ||
|
||
info: | ||
name: > | ||
LA-Studio Element Kit for Elementor <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.9.2 due to insufficient input sanitization and output escaping on title tags found in blocks. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa12bf7-5056-4d65-885c-36fcb37c017c?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | ||
cvss-score: 6.4 | ||
cve-id: CVE-2024-43210 | ||
metadata: | ||
fofa-query: "wp-content/plugins/lastudio-element-kit/" | ||
google-query: inurl:"/wp-content/plugins/lastudio-element-kit/" | ||
shodan-query: 'vuln:CVE-2024-43210' | ||
tags: cve,wordpress,wp-plugin,lastudio-element-kit,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/lastudio-element-kit/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "lastudio-element-kit" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.3.9.2') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-43216-f2dc4220b6ea8c45c403bfb4dc6072f7.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-43216-f2dc4220b6ea8c45c403bfb4dc6072f7 | ||
|
||
info: | ||
name: > | ||
Filr – Secure document library <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b20ec769-822a-4d9b-9824-6e29d3677ac3?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N | ||
cvss-score: 4.4 | ||
cve-id: CVE-2024-43216 | ||
metadata: | ||
fofa-query: "wp-content/plugins/filr-protection/" | ||
google-query: inurl:"/wp-content/plugins/filr-protection/" | ||
shodan-query: 'vuln:CVE-2024-43216' | ||
tags: cve,wordpress,wp-plugin,filr-protection,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/filr-protection/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "filr-protection" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.2.4') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-43277-6b4940f2eac79c6e5fa7f9ba0cc0604e.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-43277-6b4940f2eac79c6e5fa7f9ba0cc0604e | ||
|
||
info: | ||
name: > | ||
UsersWP <= 1.2.15 - Missing Authorization | ||
author: topscoder | ||
severity: high | ||
description: > | ||
The UsersWP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activation_redirect() function in versions up to, and including, 1.2.15. This makes it possible for unauthenticated attackers to trigger the activation redirect. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5a88a9-55ff-428d-9ce2-3247f5d48266?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | ||
cvss-score: 5.3 | ||
cve-id: CVE-2024-43277 | ||
metadata: | ||
fofa-query: "wp-content/plugins/userswp/" | ||
google-query: inurl:"/wp-content/plugins/userswp/" | ||
shodan-query: 'vuln:CVE-2024-43277' | ||
tags: cve,wordpress,wp-plugin,userswp,high | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/userswp/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "userswp" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.2.15') |
59 changes: 59 additions & 0 deletions
59
poc/cve/CVE-2024-43285-2259cac19eda110255245b91d280697e.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-43285-2259cac19eda110255245b91d280697e | ||
|
||
info: | ||
name: > | ||
Presto Player <= 3.0.2 - Missing Authorization | ||
author: topscoder | ||
severity: low | ||
description: > | ||
The Presto Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/06ccfd81-065f-4151-97ea-dd6d4fc79337?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | ||
cvss-score: 4.3 | ||
cve-id: CVE-2024-43285 | ||
metadata: | ||
fofa-query: "wp-content/plugins/presto-player/" | ||
google-query: inurl:"/wp-content/plugins/presto-player/" | ||
shodan-query: 'vuln:CVE-2024-43285' | ||
tags: cve,wordpress,wp-plugin,presto-player,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/presto-player/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "presto-player" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 3.0.2') |
Oops, something went wrong.