Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 56b5f8f, commit 5842f9d
Showing 188 changed files with 5,991 additions and 1,809 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20240906 | ||
20240907 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: remember-me-controls | ||
|
||
info: | ||
name: > | ||
Remember Me Controls <= 2.0.1 - Unauthenticated Full Path Disclosure | ||
author: topscoder | ||
severity: low | ||
description: > | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/01707346-86c2-45c8-a2c9-81a147506fa4?source=api-scan | ||
classification: | ||
cvss-metrics: | ||
cvss-score: | ||
cve-id: | ||
metadata: | ||
fofa-query: "wp-content/plugins/remember-me-controls/" | ||
google-query: inurl:"/wp-content/plugins/remember-me-controls/" | ||
shodan-query: 'vuln:' | ||
tags: cve,wordpress,wp-plugin,remember-me-controls,low | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/remember-me-controls/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "remember-me-controls" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.0.1') |
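Review bot: The info block of this template ships with empty fields: `description: >`, `cvss-metrics:`, `cvss-score:` and `cve-id:` carry no value, and `shodan-query: 'vuln:'` is a query with nothing after the prefix. The `tags` line also starts with `cve` although no CVE id is given here. Either fill these from the Wordfence reference or drop the empty keys, the bare `vuln:` query and the `cve` tag, so that anyone filtering on tags or classification does not pick up a half-populated record.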
59 changes: 59 additions & 0 deletions
poc/cve/CVE-2024-1596-41f20e8eca938cd9ff68dafa1d9e8e13.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-1596-41f20e8eca938cd9ff68dafa1d9e8e13 | ||
|
||
info: | ||
name: > | ||
Ninja Forms File Uploads <= 3.3.16 - Unauthenticated Stored Cross-Site Scripting via File Upload | ||
author: topscoder | ||
severity: high | ||
description: > | ||
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/499a1892-12b7-49d5-b65f-4f53a968a23a?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | ||
cvss-score: 7.2 | ||
cve-id: CVE-2024-1596 | ||
metadata: | ||
fofa-query: "wp-content/plugins/ninja-forms-uploads/" | ||
google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/" | ||
shodan-query: 'vuln:CVE-2024-1596' | ||
tags: cve,wordpress,wp-plugin,ninja-forms-uploads,high | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/ninja-forms-uploads/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "ninja-forms-uploads" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 3.3.16') |
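Review bot: In the `http` block the only request is a GET for `readme.txt`, and the match rests on `compare_versions(version, '<= 3.3.16')`; nothing in the template touches the upload handling the description refers to. For a `severity: high` finding that makes every hit a version inference from a file an administrator can edit, remove or leave stale, not a confirmed stored XSS. State that in the description (for example "version-based detection") so triage treats the result as a patch-level lead to verify against the installed plugin.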
59 changes: 59 additions & 0 deletions
poc/cve/CVE-2024-38729-46edd5610f1715056586c163efdc0eae.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-38729-46edd5610f1715056586c163efdc0eae | ||
|
||
info: | ||
name: > | ||
MBE eShip <= 2.1.2 - Cross-Site Request Forgery | ||
author: topscoder | ||
severity: medium | ||
description: > | ||
The MBE eShip plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a492f6-8248-4a84-b163-7262b02563c2?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | ||
cvss-score: 4.3 | ||
cve-id: CVE-2024-38729 | ||
metadata: | ||
fofa-query: "wp-content/plugins/mail-boxes-etc/" | ||
google-query: inurl:"/wp-content/plugins/mail-boxes-etc/" | ||
shodan-query: 'vuln:CVE-2024-38729' | ||
tags: cve,wordpress,wp-plugin,mail-boxes-etc,medium | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/mail-boxes-etc/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "mail-boxes-etc" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.1.2') |
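Review bot: The `word` matcher requires the string `mail-boxes-etc` in the body of `readme.txt`, but nothing guarantees that a readme contains the plugin's directory slug; the name line of this template calls the plugin "MBE eShip". With `matchers-condition: and`, a readme that lacks the slug makes the template miss an affected install. The request path already pins the plugin directory, so this matcher could be dropped or replaced with a check for the `Stable tag:` header itself.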
59 changes: 59 additions & 0 deletions
poc/cve/CVE-2024-38742-fc7100fb30a9dad85a17a4452dff246d.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-38742-fc7100fb30a9dad85a17a4452dff246d | ||
|
||
info: | ||
name: > | ||
MBE eShip <= 2.1.2 - Information Exposure | ||
author: topscoder | ||
severity: medium | ||
description: > | ||
The MBE eShip plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to extract potentially sensitive information. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/71c7ed80-dd39-4581-8792-31dbc75471e6?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | ||
cvss-score: 5.3 | ||
cve-id: CVE-2024-38742 | ||
metadata: | ||
fofa-query: "wp-content/plugins/mail-boxes-etc/" | ||
google-query: inurl:"/wp-content/plugins/mail-boxes-etc/" | ||
shodan-query: 'vuln:CVE-2024-38742' | ||
tags: cve,wordpress,wp-plugin,mail-boxes-etc,medium | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/mail-boxes-etc/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "mail-boxes-etc" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 2.1.2') |
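Review bot: From the `http` block down, this template is identical to the CVE-2024-38729 one added in the same commit: same `readme.txt` path, same extractors, same `compare_versions(version, '<= 2.1.2')`. Each scanned host receives the same request twice and one observation is reported as two findings. Consider a single template for the plugin that lists both CVE ids, or note in the description that the two results are not independent evidence.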
59 changes: 59 additions & 0 deletions
poc/cve/CVE-2024-43253-9f6a43d13f0e23249374c42d2056a34a.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-43253-9f6a43d13f0e23249374c42d2056a34a | ||
|
||
info: | ||
name: > | ||
Smart Online Order for Clover <= 1.5.6 - Missing Authorization | ||
author: topscoder | ||
severity: high | ||
description: > | ||
The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to perform an unauthorized action. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/195788de-129e-4112-bcab-a7835c8164ca?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | ||
cvss-score: 5.3 | ||
cve-id: CVE-2024-43253 | ||
metadata: | ||
fofa-query: "wp-content/plugins/clover-online-orders/" | ||
google-query: inurl:"/wp-content/plugins/clover-online-orders/" | ||
shodan-query: 'vuln:CVE-2024-43253' | ||
tags: cve,wordpress,wp-plugin,clover-online-orders,high | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/clover-online-orders/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "clover-online-orders" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.5.6') |
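Review bot: `severity: high` and the `high` entry in `tags` disagree with the classification block, where `cvss-score: 5.3` with a vector ending `C:N/I:L/A:N` falls in the CVSS v3.1 medium band (4.0 to 6.9). Anyone filtering scan output by severity will rank this above the other 5.3 templates in the same commit, which are marked medium. Set `severity` and the tag to medium, or correct the score if high is what the source advisory states.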
59 changes: 59 additions & 0 deletions
poc/cve/CVE-2024-43264-c9dd3a548ca235c85aee6fb97c7f00d6.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-43264-c9dd3a548ca235c85aee6fb97c7f00d6 | ||
|
||
info: | ||
name: > | ||
Create by Mediavine <= 1.9.8 - Unauthenticated Sensitive Information Exposure | ||
author: topscoder | ||
severity: medium | ||
description: > | ||
The Create by Mediavine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8c04e40a-6d94-4688-9159-07bf27a9efe0?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | ||
cvss-score: 5.3 | ||
cve-id: CVE-2024-43264 | ||
metadata: | ||
fofa-query: "wp-content/plugins/mediavine-create/" | ||
google-query: inurl:"/wp-content/plugins/mediavine-create/" | ||
shodan-query: 'vuln:CVE-2024-43264' | ||
tags: cve,wordpress,wp-plugin,mediavine-create,medium | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/mediavine-create/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "mediavine-create" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.9.8') |
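Review bot: Both extractors use `(?mi)Stable tag: ([0-9.]+)`, which has no `^` anchor (so the `m` flag has no effect) and requires exactly one space after the colon. A readme with different spacing, or with a non-numeric value such as `trunk`, yields no `version`, the `dsl` comparison has nothing to compare, and the host is silently reported as not matching. A pattern like `(?mi)^Stable tag:\s*([0-9.]+)` tightens the match, and the description should say that a missing version is not a negative result.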