Skip to content

Commit

Permalink
20241111
Browse files Browse the repository at this point in the history
  • Loading branch information
actions-user committed Nov 11, 2024
1 parent 79ef547 commit 9cbc2cc
Show file tree
Hide file tree
Showing 4 changed files with 121 additions and 1 deletion.
2 changes: 1 addition & 1 deletion date.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
20241110
20241111
2 changes: 2 additions & 0 deletions poc.txt
Original file line number Diff line number Diff line change
Expand Up @@ -33739,6 +33739,7 @@
./poc/cve/CVE-2024-10263-5a599dd7d83925469bc803c5aabfa610.yaml
./poc/cve/CVE-2024-10263.yaml
./poc/cve/CVE-2024-10265-0929159890a98e464224f2d4b3ca4054.yaml
./poc/cve/CVE-2024-10265.yaml
./poc/cve/CVE-2024-10266-c7464e0e6f14d3d02fbbef631b0fa0d8.yaml
./poc/cve/CVE-2024-10266.yaml
./poc/cve/CVE-2024-10269-de3e977fc48c497bbd319154dc08b47e.yaml
Expand Down Expand Up @@ -33953,6 +33954,7 @@
./poc/cve/CVE-2024-1095-741eaa5507c75edbe90bc3ba4e40e5a9.yaml
./poc/cve/CVE-2024-1095.yaml
./poc/cve/CVE-2024-10958-b9e22eaad7c9ca71f94e8afa6dc3ff9c.yaml
./poc/cve/CVE-2024-10958.yaml
./poc/cve/CVE-2024-1106-e0b64108a671aa7f40b4913cd13de8d0.yaml
./poc/cve/CVE-2024-1106.yaml
./poc/cve/CVE-2024-1108-239fb729146748a4485864c46459cff9.yaml
Expand Down
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-10265.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: CVE-2024-10265

info:
name: >
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.30 - Reflected Cross-Site Scripting via add_query_arg Parameter
author: topscoder
severity: medium
description: >
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb1a2c2-581d-47ed-a180-9f70fdf79066?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2024-10265
metadata:
fofa-query: "wp-content/plugins/form-maker/"
google-query: inurl:"/wp-content/plugins/form-maker/"
shodan-query: 'vuln:CVE-2024-10265'
tags: cve,wordpress,wp-plugin,form-maker,medium

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "form-maker"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 1.15.30')
59 changes: 59 additions & 0 deletions poc/cve/CVE-2024-10958.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
id: CVE-2024-10958

info:
name: >
WP Photo Album Plus <= 8.8.08.007 - Unauthenticated Arbitrary Shortcode Execution via getshortcodedrenderedfenodelay
author: topscoder
severity: high
description: >
The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
reference:
- https://github.com/topscoder/nuclei-wordfence-cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/53bb0871-343a-4299-9902-682c422152d1?source=api-prod
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss-score: 7.3
cve-id: CVE-2024-10958
metadata:
fofa-query: "wp-content/plugins/wp-photo-album-plus/"
google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/"
shodan-query: 'vuln:CVE-2024-10958'
tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high

http:
- method: GET
redirects: true
max-redirects: 3
path:
- "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt"

extractors:
- type: regex
name: version
part: body
group: 1
internal: true
regex:
- "(?mi)Stable tag: ([0-9.]+)"

- type: regex
name: version
part: body
group: 1
regex:
- "(?mi)Stable tag: ([0-9.]+)"

matchers-condition: and
matchers:
- type: status
status:
- 200

- type: word
words:
- "wp-photo-album-plus"
part: body

- type: dsl
dsl:
- compare_versions(version, '<= 8.8.08.007')

0 comments on commit 9cbc2cc

Please sign in to comment.