-
Notifications
You must be signed in to change notification settings - Fork 272
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
79ef547
commit 9cbc2cc
Showing
4 changed files
with
121 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
20241110 | ||
20241111 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10265 | ||
|
||
info: | ||
name: > | ||
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter | ||
author: topscoder | ||
severity: medium | ||
description: > | ||
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | ||
cvss-score: 6.1 | ||
cve-id: CVE-2024-10265 | ||
metadata: | ||
fofa-query: "wp-content/plugins/form-maker/" | ||
google-query: inurl:"/wp-content/plugins/form-maker/" | ||
shodan-query: 'vuln:CVE-2024-10265' | ||
tags: cve,wordpress,wp-plugin,form-maker,medium | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "form-maker" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 1.15.30') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
id: CVE-2024-10958 | ||
|
||
info: | ||
name: > | ||
WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay | ||
author: topscoder | ||
severity: high | ||
description: > | ||
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||
reference: | ||
- https://github.com/topscoder/nuclei-wordfence-cve | ||
- https://www.wordfence.com/threat-intel/vulnerabilities/id/53bb0871-343a-4299-9902-682c422152d1?source=api-prod | ||
classification: | ||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | ||
cvss-score: 7.3 | ||
cve-id: CVE-2024-10958 | ||
metadata: | ||
fofa-query: "wp-content/plugins/wp-photo-album-plus/" | ||
google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" | ||
shodan-query: 'vuln:CVE-2024-10958' | ||
tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high | ||
|
||
http: | ||
- method: GET | ||
redirects: true | ||
max-redirects: 3 | ||
path: | ||
- "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" | ||
|
||
extractors: | ||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
internal: true | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
- type: regex | ||
name: version | ||
part: body | ||
group: 1 | ||
regex: | ||
- "(?mi)Stable tag: ([0-9.]+)" | ||
|
||
matchers-condition: and | ||
matchers: | ||
- type: status | ||
status: | ||
- 200 | ||
|
||
- type: word | ||
words: | ||
- "wp-photo-album-plus" | ||
part: body | ||
|
||
- type: dsl | ||
dsl: | ||
- compare_versions(version, '<= 8.8.08.007') |