20240907
actions-user committed Sep 7, 2024
1 parent 56b5f8f commit 5842f9d
Showing 188 changed files with 5,991 additions and 1,809 deletions.
2 changes: 1 addition & 1 deletion date.txt
@@ -1 +1 @@
20240906
20240907
82 changes: 82 additions & 0 deletions poc.txt

Large diffs are not rendered by default.

59 changes: 59 additions & 0 deletions poc/auth/remember-me-controls.yaml
@@ -0,0 +1,59 @@
id: remember-me-controls

info:
name: >
Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure
author: topscoder
severity: low
description: >
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/01707346-86c2-45c8-a2c9-81a147506fa4?source=api-scan
classification:
cvss-metrics:
cvss-score:
cve-id:
metadata:
fofa-query: "wp-content/plugins/remember-me-controls/"
google-query: inurl:"/wp-content/plugins/remember-me-controls/"
shodan-query: 'vuln:'
tags: cve,wordpress,wp-plugin,remember-me-controls,low

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/remember-me-controls/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "remember-me-controls"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 2.0.1')
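Review bot: the `info` block is committed with empty fields: `description: >` has no text, `cvss-metrics`, `cvss-score` and `cve-id` are blank, and `shodan-query: 'vuln:'` has nothing after the colon, yet `tags` still begins with `cve`. Fill these from the Wordfence advisory listed under `reference`, or drop the empty keys, the `cve` tag and the `shodan-query` line, so that filtering by tag or CVE does not return an entry with no identifier. The match is also decided only by the `Stable tag` in `readme.txt`, so the "Full Path Disclosure" in `name` is inferred from the version rather than observed; a tag or a line in `description` should say so.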
2 changes: 1 addition & 1 deletion poc/config/wpengine-config-check.yaml
@@ -5,7 +5,7 @@ info:
author: SirBugs
severity: high

http:
requests:
- method: GET
path:
- "{{BaseURL}}/wpeprivate/config.json"
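Review bot: the one-line change at the protocol key looks like a regression: as rendered, `http:` is the removed line and `requests:` the added one. `requests:` is the older name for this key in nuclei templates and `http:` is the current one, and every template added elsewhere in this commit uses `http:`, so this edit moves the file away from the rest of the repository. Keep `http:` unless an old engine has to be supported, and give that reason in the commit message, which currently carries only the date.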
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-1596-41f20e8eca938cd9ff68dafa1d9e8e13.yaml
@@ -0,0 +1,59 @@
id: CVE-2024-1596-41f20e8eca938cd9ff68dafa1d9e8e13

info:
name: >
Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload
author: topscoder
severity: high
description: >
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/499a1892-12b7-49d5-b65f-4f53a968a23a?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cve-id: CVE-2024-1596
metadata:
fofa-query: "wp-content/plugins/ninja-forms-uploads/"
google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/"
shodan-query: 'vuln:CVE-2024-1596'
tags: cve,wordpress,wp-plugin,ninja-forms-uploads,high

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/ninja-forms-uploads/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "ninja-forms-uploads"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 3.3.16')
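Review bot: the second entry under `extractors` repeats the first line for line, with only `internal: true` removed, and both are named `version`. If the intent is that the first feeds `compare_versions(version, '<= 3.3.16')` and the second prints the value in the result, say so in a YAML comment above each, otherwise the pair reads as an accidental duplicate and one of them is likely to be deleted in a later cleanup. A line in `description` should also state that the finding rests on the `readme.txt` version alone, since nothing in the request touches the upload path the description refers to.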
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-38729-46edd5610f1715056586c163efdc0eae.yaml
@@ -0,0 +1,59 @@
id: CVE-2024-38729-46edd5610f1715056586c163efdc0eae

info:
name: >
MBE eShip <= 2.1.2 - Cross-Site Request Forgery
author: topscoder
severity: medium
description: >
The MBE eShip plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a492f6-8248-4a84-b163-7262b02563c2?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss-score: 4.3
cve-id: CVE-2024-38729
metadata:
fofa-query: "wp-content/plugins/mail-boxes-etc/"
google-query: inurl:"/wp-content/plugins/mail-boxes-etc/"
shodan-query: 'vuln:CVE-2024-38729'
tags: cve,wordpress,wp-plugin,mail-boxes-etc,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/mail-boxes-etc/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "mail-boxes-etc"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 2.1.2')
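Review bot: the `word` matcher requires the slug `mail-boxes-etc` in the response body, but the body is the plugin's `readme.txt`, which is headed by the display name (`MBE eShip` per `name`) and need not mention the slug at all. Under `matchers-condition: and`, a readme without the slug makes the whole template miss an affected install. Match on text the readme is expected to carry, such as the display name or the `Stable tag:` line the extractor already relies on, and keep the slug check to the request path.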
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-38742-fc7100fb30a9dad85a17a4452dff246d.yaml
@@ -0,0 +1,59 @@
id: CVE-2024-38742-fc7100fb30a9dad85a17a4452dff246d

info:
name: >
MBE eShip <= 2.1.2 - Information Exposure
author: topscoder
severity: medium
description: >
The MBE eShip plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive information.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/71c7ed80-dd39-4581-8792-31dbc75471e6?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-38742
metadata:
fofa-query: "wp-content/plugins/mail-boxes-etc/"
google-query: inurl:"/wp-content/plugins/mail-boxes-etc/"
shodan-query: 'vuln:CVE-2024-38742'
tags: cve,wordpress,wp-plugin,mail-boxes-etc,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/mail-boxes-etc/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "mail-boxes-etc"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 2.1.2')
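Review bot: the request path, extractors, matchers and the bound `<= 2.1.2` are identical to the CVE-2024-38729 template added earlier in this commit; only `id`, `name`, `description` and the classification differ. A scan therefore sends the same `readme.txt` request twice and the two findings always fire together, which tells the operator nothing beyond "version is at most 2.1.2". Consider one version-check template for the plugin that lists both CVE ids, or at least note in each `description` that the result is version-based and shared with the sibling template.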
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-43253-9f6a43d13f0e23249374c42d2056a34a.yaml
@@ -0,0 +1,59 @@
id: CVE-2024-43253-9f6a43d13f0e23249374c42d2056a34a

info:
name: >
Smart Online Order for Clover <= 1.5.6 - Missing Authorization
author: topscoder
severity: high
description: >
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to perform an unauthorized action.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/195788de-129e-4112-bcab-a7835c8164ca?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2024-43253
metadata:
fofa-query: "wp-content/plugins/clover-online-orders/"
google-query: inurl:"/wp-content/plugins/clover-online-orders/"
shodan-query: 'vuln:CVE-2024-43253'
tags: cve,wordpress,wp-plugin,clover-online-orders,high

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/clover-online-orders/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "clover-online-orders"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.5.6')
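Review bot: `severity: high` and the `high` entry in `tags` disagree with `cvss-score: 5.3` under `classification`, which sits in the CVSS v3.1 medium band (4.0 to 6.9) and matches the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N`. Set both the severity and the tag to `medium`, or correct the score and vector if high is what the advisory states, so that severity filters and reports built from these fields agree with each other.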
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-43264-c9dd3a548ca235c85aee6fb97c7f00d6.yaml
@@ -0,0 +1,59 @@
id: CVE-2024-43264-c9dd3a548ca235c85aee6fb97c7f00d6

info:
name: >
Create by Mediavine <= 1.9.8 - Unauthenticated Sensitive Information Exposure
author: topscoder
severity: medium
description: >
The Create by Mediavine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c04e40a-6d94-4688-9159-07bf27a9efe0?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-43264
metadata:
fofa-query: "wp-content/plugins/mediavine-create/"
google-query: inurl:"/wp-content/plugins/mediavine-create/"
shodan-query: 'vuln:CVE-2024-43264'
tags: cve,wordpress,wp-plugin,mediavine-create,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/mediavine-create/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "mediavine-create"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.9.8')
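Review bot: the extractor regex `(?mi)Stable tag: ([0-9.]+)` captures only a numeric tag that follows exactly one space. A readme with `Stable tag: trunk`, a tab or extra space after the colon gives no `version`, and a tag with a suffix is captured only up to the suffix, so the `dsl` matcher `compare_versions(version, '<= 1.9.8')` either stays silent or compares a truncated value. The stable tag in `readme.txt` can also differ from the version actually installed. Allow flexible whitespace after the colon (`\s*`) and document in `description` that no match means the version is unknown, not that the site is patched.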